| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Claudio Freire <klaussfreire(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: disable SSL compression? |
| Date: | 2018-03-10 23:36:48 |
| Message-ID: | 3cb791ef-5aea-7667-02b7-9fef7416127c@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 3/9/18 09:06, Magnus Hagander wrote:
> What platform does that actually work out of the box on? I have
> customers who actively want to use it (for compression, not security --
> replication across limited and metered links), and the amount of
> workarounds they have to put in place OS level to get it working is
> increasingly complicated.
It was disabled in OpenSSL 1.1.0:
*) CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression
by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
using the SSL_CONF library to configure compression.
[Emilia Käsper]
So for your purposes, you could add a server option to turn it back on.
Such a server option would also be useful for those users who are using
OpenSSL <1.1.0 and want to turn off compression on the server side.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2018-03-11 03:57:08 | Re: [HACKERS] MERGE SQL Statement for PG11 |
| Previous Message | Andrew Dunstan | 2018-03-10 23:24:28 | Re: VACUUM FULL vs dropped columns |