| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Christoph Berg <myon(at)debian(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jakob Egger <jakob(at)eggerapps(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslmode=require fallback |
| Date: | 2016-07-20 10:50:29 |
| Message-ID: | CABUevEynJrohfSZ6yLg9-Mzt6EgHP2fMb40GXYM7wma2HHfWkg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jul 19, 2016 at 10:57 PM, Peter Eisentraut <
peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 7/19/16 3:32 PM, Magnus Hagander wrote:
> > There are definitely cases where it's useful. I'm only arguing for
> > changing the default.
>
> I don't understand why you want to change the default. Is it for
> performance? Has it been measured?
>
>
Yes. I've run into it multiple times, but I haven't specifically measured
it. But I've had more than one situation where turning it off has
completely removed a performance problem.
I've only seen it in apps without proper connection pooling. It's the
negotiation of new sessions that's expensive, not actually encrypting the
data.
Most people definitely don't run into it, because most people don't use
localhost when they're local - they use the Unix socket. But for example a
locally running java application will be using localhost.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2016-07-20 11:40:10 | Re: [BUG] pg_basebackup from disconnected standby fails |
| Previous Message | Greg Stark | 2016-07-20 10:47:12 | Re: sslmode=require fallback |