| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL over Unix-domain sockets |
| Date: | 2008-01-05 21:05:20 |
| Message-ID: | 200801052205.21663.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Mark Mielke wrote:
> Does the patch handle patched clients connecting to unpatched servers
> and vice versa?
Yes, it is all compatible.
> Cryptographic
> authentication and encrypted data stream cost is high compared to no
> cryptographic authentication or encrypted data streams. I don't know if
> it would impact me or not. Peter: Have you tried running a benchmark of
> localssl vs localnossl?
Good point. I tried this
time for x in $(seq 1 1000); do
pg-install/bin/psql -c "select 1" >/dev/null
done
With ssl=off it looks about like this:
real 0m12.909s
user 0m3.712s
sys 0m3.056s
With ssl=on it looks about like this:
real 1m4.741s
user 0m26.638s
sys 0m4.328s
It has been reported that the data transmission overhead is much less than the
connection establishing overhead, which is measured here. But this is
certainly not an encouraging measurement, if we want to put this close to the
default path of use.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Treat | 2008-01-05 21:30:04 | Re: Dynamic Partitioning using Segment Visibility Maps |
| Previous Message | Gokulakannan Somasundaram | 2008-01-05 19:42:32 | Re: Dynamic Partitioning using Segment Visibility Maps |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-01-05 23:38:38 | Re: OUTER JOIN performance regression remains in 8.3beta4 |
| Previous Message | Mark Mielke | 2008-01-05 19:14:53 | Re: SSL over Unix-domain sockets |