I am currently working on implementing the NNTP COMPRESS command in the
InternetNetNews news server. This commands permits to start a
compression layer (like the COMPRESS command for IMAP).
I have a question about a possible already active compression layer
after the use of SASL authentication. Is there a way to check whether a
compression layer has been negotiated during SASL authentication?
With OpenSSL, we can use the SSL_get_current_compression() function to
see whether a compression layer has been negotiated at the same time of
the TLS encryption layer. A similar function could be useful in Cyrus
SASL if it does not already exist. (Maybe current or future SASL
mechanisms can or will negotiate a compression layer.)
Note: it could be a property like SASL_SSF that InternetNewsNews
already checks after SASL authentication to see whether an encryption
layer has been negotiated. If the value of that property is >0, the use
of STARTTLS is disabled as an encryption layer already exists.
« If your dog is barking at the back door and your wife yelling at the
frontdoor, who do you let in first? The dog of course… at least
he'll shut up after you let him in! »