Re: SSL Compression doesn't work

On Fri, Jan 2, 2015 at 4:39 PM, Edoardo Innocenti - SDB Information
Technology Srl <edoardo(dot)innocenti(at)tech(dot)sdb(dot)it> wrote:

> Hi,
>
> I try to reduce bandwith use with ssl and compression. I create a test
> with:
>
>
>
> 1. CentOS release 6.6 (Final )x86_64
>
> a. openssl-1.0.1e-30.el6_6.4.x86_64
>
> b. kernel-2.6.32-504.1.3.el6.x86_64
>
>
>
> 2. PostgreSQL 9.3.5
>
> a. postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64
>
> b. postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64
>
> c. postgresql93-9.3.5-1PGDG.rhel6.x86_64
>
> d. postgresql93-server-9.3.5-1PGDG.rhel6.x86_64
>
>
>
> I configure a postgresql with SSL (
> http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed
> certificate.
>
> All work fine for SSL, but when I try to use the compression I didn’t find
> any difference monitoring traffic with tcdump.
>
>
>
> These commands has the same network load (~1.1MB)
>
> · psql "user=USER password=PASS host=HOST dbname=postgres
> sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"
>
> · psql "user=USER password=PASS host=HOST dbname=postgres
> sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"
>
> · psql "user=USER password=PASS host=HOST dbname=postgres
> sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"
>
>
>
I believe this is because your distribution has decided to turn of SSL
compression by default, and require you to set the OPENSSL_DEFAULT_ZLIB
variable to turn it back on. See
https://bugzilla.redhat.com/show_bug.cgi?id=857051 and
https://rhn.redhat.com/errata/RHSA-2013-0587.html.

You need to set this variable both for the server and the client.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/