| From: | Claudio Freire <klaussfreire(at)gmail(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: disable SSL compression? |
| Date: | 2018-03-08 19:23:07 |
| Message-ID: | CAGTBQpaQJ_fCefiNmuP18drS+r7BxtCD8hR3jEB_ScsE64nZmQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 8, 2018 at 3:40 PM, Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> It appears that SSL compression is nowadays deprecated as insecure.
> Yet, it is still enabled by libpq by default, and there is no way to
> disable it in the server. Should we make some changes here? Does
> anyone know more about this?
Even if libpq enables it, it has to be enabled both in the client and
the server for it to work.
OpenSSL disables the whole feature by default, and enabling it is
rather cumbersome. The result is that, at least with OpenSSL, the
server and client won't accept compression without extensive fiddling
by the user.
So I don't think libpq has to change anything here.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-03-08 19:25:59 | Re: [HACKERS] Restrict concurrent update/delete with UPDATE of partition key |
| Previous Message | Peter Eisentraut | 2018-03-08 19:19:55 | Re: Handling better supported channel binding types for SSL implementations |