Charles Hornberger wrote:
> On Wed, 23 Jul 2003, Bruce Momjian wrote:
> > Charles Hornberger wrote:
> > > Am I right in interpreting this to mean that I either have to use SSL
> > > all the time or none of the time? I'm especially tempted to believe
> > > this might be the case after seeing this item in the "Clients" section
> > > of http://developer.postgresql.org/todo.php:
> > >
> > > - Allow SSL-enabled clients to turn off SSL transfers
> > >
> > > Does that mean that, if SSL is enabled for the postmaster, the client
> > > will always be forced to use SSL? Or is there something I need to do to
> > > force the client to NOT use SSL?
> >
> > Right, it will use SSL if possible, so if both client and server are SSL
> > enabled, SSL will be used. 7.4 will allow you to control that.
>
> Interesting. So, am I right in thinking that in 7.3.x, theoretically it'd
> be possible to build the postgres backends with SSL support but the
> clients -- and I guess libpq is really what I'm talking about here, since
> normally I'm connecting via Python or PHP -- without it? And would an
> SSL-enabled backend agree to talk to a SSL-disabled client?
Yes, you could to it, but by default, libpq will have SSL compiled in it
just like the backend, but if you created a non-ssl client, it would
talk to the postmaster just fine, unless you have hostssl in
pg_hba.conf.
> As an aside: The only reason I'm worring about this is that sometimes my
> client apps generate rather large query results and as far as I can tell,
> the overhead of SSL encryption/decryption is slowing things down quite
> noticeably in those cases. But I'm pretty ignorant about these matters,
> and maybe SSL's not to blame (although I'd be hard pressed to explain the
> difference in query performance between local and SSL-over-TCP connections
> otherwise).
Please let us know what you find from testing.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073