From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Claudio Freire <klaussfreire(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: disable SSL compression? |
Date: | 2018-03-10 23:36:48 |
Message-ID: | 3cb791ef-5aea-7667-02b7-9fef7416127c@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 3/9/18 09:06, Magnus Hagander wrote:
> What platform does that actually work out of the box on? I have
> customers who actively want to use it (for compression, not security --
> replication across limited and metered links), and the amount of
> workarounds they have to put in place OS level to get it working is
> increasingly complicated.
It was disabled in OpenSSL 1.1.0:
*) CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression
by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
using the SSL_CONF library to configure compression.
[Emilia Käsper]
So for your purposes, you could add a server option to turn it back on.
Such a server option would also be useful for those users who are using
OpenSSL <1.1.0 and want to turn off compression on the server side.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2018-03-11 03:57:08 | Re: [HACKERS] MERGE SQL Statement for PG11 |
Previous Message | Andrew Dunstan | 2018-03-10 23:24:28 | Re: VACUUM FULL vs dropped columns |