Re: using ssl some of the time - Mailing list pgsql-admin

From Bruce Momjian
Subject Re: using ssl some of the time
Date
Msg-id 200307242153.h6OLr4f03872@candle.pha.pa.us
Whole thread Raw
In response to Re: using ssl some of the time  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin
Tom Lane wrote:
> > Charles Hornberger wrote:
> >> Just a quick follow-up to share one (!) data point, which looks to me
> >> like it indicates that SSL encryption/decryption is pretty expensive on
> >> one of our Sun Ultra 5 boxes. The following query ("select * from wp")
> >> generates ~270K of output. When executed via a psql client that's
> >> connected over a non-encrypted link, it takes 0.7 seconds; over an
> >> encrypted link, it takes more than 10 times that long.
>
> I suspect most of this is from the ridiculously small renegotiation
> interval we put into 7.3.  Try increasing RENEGOTIATION_LIMIT in
> src/backend/libpq/be-secure.c (we've bumped it to 512 meg for 7.4).

Yes, good point!  Would you try 7.4 or that change and let us know the
results?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-admin by date:

Previous
From: Tom Lane
Date:
Subject: Re: using ssl some of the time
Next
From: "Dilan Arumainathan"
Date:
Subject: SQL Server DTS for data migration