Re: Disable OpenSSL compression - Mailing list pgsql-hackers

From ktm@rice.edu
Subject Re: Disable OpenSSL compression
Date
Msg-id 20111108160612.GV10975@staff-mud-56-27.rice.edu
Whole thread Raw
In response to Re: Disable OpenSSL compression  ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
Responses Re: Disable OpenSSL compression
List pgsql-hackers
On Tue, Nov 08, 2011 at 04:19:02PM +0100, Albe Laurenz wrote:
> Tom Lane wrote:
> > I distinctly recall us getting bashed a few years ago because there
> > wasn't any convenient way to turn SSL compression *on*.  Now that SSL
> > finally does the sane thing by default, you want to turn it off?
> > 
> > The fact of the matter is that in most situations where you want SSL,
> > ie links across insecure WANs, compression is a win.  Testing a local
> > connection, as you seem to have done, is just about 100% irrelevant to
> > performance in the real world.
> 
> Maybe that's paranoia, but we use SSL via the company's LAN to keep
> potentially sensitive data from crossing the network unencrypted.
> 
> > There might be some argument for providing a client option to disable
> > compression, but it should not be forced, and it shouldn't even be the
> > default.  But before adding YA connection option, I'd want to see some
> > evidence that it's useful over non-local connections.
> 
> I will try to provide test results via remote connection; I thought
> that localhost was a good enough simulation for a situation where
> you are not network bound.
> 
> I agree with you that a client option would make more sense.
> The big problem I personally have with that is that it only works
> if you use libpq. When using the JDBC driver or Npgsql, a client
> option wouldn't help me at all.
> 
> Yours,
> Laurenz Albe
> 

I think that JDBC and Npgsql should also support disabling compression.

Regards,
Ken


pgsql-hackers by date:

Previous
From: "ktm@rice.edu"
Date:
Subject: Re: Disable OpenSSL compression
Next
From: Robert Haas
Date:
Subject: Re: heap vacuum & cleanup locks