Re: Disallow SSL compression?

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Disallow SSL compression?
Date: 2021-03-05 07:04:20
Message-ID: YEHX9DuI4oM/
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Thu, Mar 04, 2021 at 11:52:56PM +0100, Daniel Gustafsson wrote:
> The attached version takes a step further and removes sslcompression from
> pg_conn and just eats the value as there is no use in setting a dummy alue. It
> also removes compression from PgBackendSSLStatus and be_tls_get_compression as
> raised by Michael downthread. I opted for keeping the column in pg_stat_ssl
> with a note in the documentation that it will be removed, for the same
> backwards compatibility reason of eating the connection param without acting on
> it. This might be overthinking it however.

FWIW, I would vote to nuke it from all those places, reducing a bit
pg_stat_get_activity() while on it. Keeping it around in the system
catalogs may cause confusion IMHO, by making people think that it is
still possible to get into configurations where sslcompression could
be really enabled. The rest of the patch looks fine to me.

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message bchen90 2021-03-05 07:32:43 Which PG version does CVE-2021-20229 affected?
Previous Message Julien Rouhaud 2021-03-05 06:59:49 Re: n_mod_since_analyze isn't reset at table truncation