Re: Disallow SSL compression?

> On 5 Mar 2021, at 08:04, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Thu, Mar 04, 2021 at 11:52:56PM +0100, Daniel Gustafsson wrote:
>> The attached version takes a step further and removes sslcompression from
>> pg_conn and just eats the value as there is no use in setting a dummy alue. It
>> also removes compression from PgBackendSSLStatus and be_tls_get_compression as
>> raised by Michael downthread. I opted for keeping the column in pg_stat_ssl
>> with a note in the documentation that it will be removed, for the same
>> backwards compatibility reason of eating the connection param without acting on
>> it. This might be overthinking it however.
>
> FWIW, I would vote to nuke it from all those places, reducing a bit
> pg_stat_get_activity() while on it. Keeping it around in the system
> catalogs may cause confusion IMHO, by making people think that it is
> still possible to get into configurations where sslcompression could
> be really enabled. The rest of the patch looks fine to me.

Attached is a version which removes that as well. I left the compression
keyword in PQsslAttribute on purpose, not really for backwards compatibility
(PQsslAttributeNames takes care of that) but rather since it's a more generic
connection-info function.

--
Daniel Gustafsson https://vmware.com/