      Description

      Regarding encryption and compression:

      • XMPP Core defines TLS encryption, specifically STARTTLS
      • XEP-0138 [1] defines Zlib compression

      ejabberd currently implements:

      • STARTTLS
      • Zlib

      But only one of those options can be used at the same time by a client in ejabberd right now.

      The current TLS specs allow compression, but it's difficult to implement the required negotiation [3].

      Since the compression feature included in TLS can't be used, the only way is TLS + XEP-0138, as described in XEP-0170 [2]. Order of negotiation:
      1. TLS
      2. SASL
      3. Stream compression
      4. Resource binding
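      The ordering above is what a server must enforce on each client stream: compression may only be negotiated once TLS and SASL are done, and nothing may be negotiated after resource binding. The following is an added illustration, not ejabberd code; the feature names, the `Negotiation` class and `negotiate()` are assumptions made for the example.

```python
from typing import List

# XEP-0170 order as listed in the issue: TLS, SASL, stream compression, resource binding.
ORDER = ["starttls", "sasl", "compression", "bind"]
OPTIONAL = {"compression"}  # XEP-0138 compression may be skipped by the client


class NegotiationError(Exception):
    """Raised when a client tries to negotiate a feature out of sequence."""


class Negotiation:
    """Server-side record of the features one client stream has completed (assumed design)."""

    def __init__(self) -> None:
        self.done: List[str] = []

    def offerable(self) -> List[str]:
        """Features the server may advertise now: the next mandatory step, plus any
        optional step that precedes it and has been neither skipped nor completed."""
        offered: List[str] = []
        for feat in ORDER:
            if feat in self.done:
                continue
            if self.done and ORDER.index(feat) < ORDER.index(self.done[-1]):
                continue  # the stream has already moved past this point
            offered.append(feat)
            if feat not in OPTIONAL:
                break  # a mandatory step blocks everything after it
        return offered

    def advance(self, feat: str) -> None:
        """Record that `feat` was negotiated; reject anything out of sequence,
        e.g. compression before TLS/SASL, or any feature after binding."""
        if feat not in self.offerable():
            raise NegotiationError(f"{feat!r} not allowed after {self.done}")
        self.done.append(feat)

    def finished(self) -> bool:
        return "bind" in self.done


def negotiate(sequence: List[str]) -> bool:
    """Return True if a whole client negotiation sequence is valid and ends in binding."""
    state = Negotiation()
    try:
        for feat in sequence:
            state.advance(feat)
    except NegotiationError:
        return False
    return state.finished()
```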

      Feature request reported by Kostix in the ejabberd chatroom.

      [1] http://www.xmpp.org/extensions/xep-0138.html
      [2] http://www.xmpp.org/extensions/xep-0170.html
      [3] From the man page on SSL_COMP_add_compression_method(3) (OpenSSL):
      The TLS standard (or SSLv3) allows the integration of compression methods into the communication. The TLS RFC does however not specify compression methods or their corresponding identifiers, so there is currently no compatible way to integrate compression with unknown peers. It is therefore currently not recommended to integrate compression into applications. Applications for non-public use may agree on certain compression methods. Using different compression methods with the same identifier will lead to connection failure.

        Activity

        Badlop added a comment -

        Dan Morrill (a Google developer in Android SDK) explained [1] that compression reduces traffic consumption but increases computation requirements, and this translates into battery consumption.

        Verbatim copy from his email:

        Bandwidth and CPU overhead
        ********************************************
        Bandwidth used means radio transmissions sent, and overhead means more work
        done by the processor, both of which take battery power and reduce battery
        life. Meanwhile, compression turned out to not be very helpful. Since it's
        negotiated during connection startup, it doesn't help with startup
        overhead. It does help somewhat with steady-state bandwidth, but at the
        expense of additional CPU cycles. The result is that enabling compression
        actually reduced battery life in our tests – it took more power for the CPU
        to do compression than we saved on radio power. In other words, zlib can
        save you bandwidth, but only at a significant net cost of battery life.
        This left us stuck between a rock and a hard place.

        [1] Google Androïd SDK not XMPP compliant ?
        http://mail.jabber.org/pipermail/standards/2008-February/018015.html

        Badlop added a comment -

        Aleksey Shchepin showed that ejabberd apparently supports TLS compression:

        $ ejabberdctl start
        $ gnutls-cli localhost -p 5223 --insecure --comp DEFLATE NULL
        ...
        - Compression: DEFLATE
        ...
        
        $ openssl s_client -connect 127.0.0.1:5223 -ssl3
        ...
        New, TLSv1/SSLv3, Cipher is AES256-SHA
        Server public key is 1024 bit
        Compression: zlib compression
        Expansion: zlib compression
        SSL-Session:
            Protocol  : SSLv3
            Cipher    : AES256-SHA
            Session-ID:
            Session-ID-ctx:
            Master-Key: DB078522D62C25CA93EBB8154EA8C8260FD6EBFD
            1F1B90E98E3BFFD4EBD7A544AA0B115D9B697C2944BC3EA22E4B0FDA
            Key-Arg   : None
            Compression: 1 (zlib compression)
            Start Time: 1245938777
            Timeout   : 7200 (sec)
            Verify return code: 18 (self signed certificate)
        
        Mickaël Rémond added a comment -

        I have a case where it does not work. Will follow up privately.


        Mickaël Rémond
        http://www.process-one.net/

        On 25 June 2009 at 17:55, Badlop <ejabberd-dev@process-one.net> wrote

        Badlop added a comment -

        I've tested Aleksey Shchepin's implementation with Psi 0.12.1.
        Committed to ejabberd trunk SVN r2571, and road-to-exmpp SVN r2572.
