Re: using ssl some of the time - Mailing list pgsql-admin
From | Charles Hornberger |
---|---|
Subject | Re: using ssl some of the time |
Date | |
Msg-id | 3F2022F0.2000106@hss.caltech.edu |
In response to | Re: using ssl some of the time (Bruce Momjian <pgman@candle.pha.pa.us>) |
Responses | Re: using ssl some of the time |
List | pgsql-admin |

Bruce Momjian wrote:
> Charles Hornberger wrote:
>
>>On Wed, 23 Jul 2003, Bruce Momjian wrote:
>>
>>>Charles Hornberger wrote:
>>>
>>>>Am I right in interpreting this to mean that I either have to use SSL
>>>>all the time or none of the time? I'm especially tempted to believe
>>>>this might be the case after seeing this item in the "Clients" section
>>>>of http://developer.postgresql.org/todo.php:
>>>>
>>>> - Allow SSL-enabled clients to turn off SSL transfers
>>>>
>>>>Does that mean that, if SSL is enabled for the postmaster, the client
>>>>will always be forced to use SSL? Or is there something I need to do to
>>>>force the client to NOT use SSL?
>>>
>>>Right, it will use SSL if possible, so if both client and server are SSL
>>>enabled, SSL will be used. 7.4 will allow you to control that.

I have one more question about the plans for 7.4. How will users of
clients based on libpq use this? Will there be a new optional
connection parameter ('ssl=true') or something?

>>As an aside: The only reason I'm worrying about this is that sometimes my
>>client apps generate rather large query results and as far as I can tell,
>>the overhead of SSL encryption/decryption is slowing things down quite
>>noticeably in those cases. But I'm pretty ignorant about these matters,
>>and maybe SSL's not to blame (although I'd be hard pressed to explain the
>>difference in query performance between local and SSL-over-TCP connections
>>otherwise).
>
>
> Please let us know what you find from testing.
>

Just a quick follow-up to share one (!) data point, which looks to me
like it indicates that SSL encryption/decryption is pretty expensive on
one of our Sun Ultra 5 boxes.

The following query ("select * from wp") generates ~270K of output.
When executed via a psql client that's connected over a non-encrypted
link, it takes 0.7 seconds; over an encrypted link, it takes more than
10 times that long.

# time psql -qAt -c 'select * from wp' eclatch > /dev/null

real    0m0.718s
user    0m0.120s
sys     0m0.080s

# time psql -h localhost -qAt -c 'select * from wp' eclatch > /dev/null

real    0m8.081s
user    0m3.930s
sys     0m0.410s

# psql -qAt -c 'select * from wp' eclatch | wc
    2057   30717  276549

# psql -c "select version()" template1
                             version
------------------------------------------------------------------
 PostgreSQL 7.3.2 on sparc-sun-solaris2.7, compiled by GCC 2.95.2

-Charlie
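
One way to repeat this kind of measurement with the transport held constant, as an added example that is not part of the original message: both runs connect over TCP to the same host and differ only in libpq's `sslmode` connection parameter, and each session's encryption state is checked against `pg_stat_ssl` before anything is timed. The `BENCH_*` variables and the function names are made up for this example; it assumes a libpq and server recent enough to provide `sslmode` and `pg_stat_ssl`, and GNU `date`.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: a libpq that
# accepts the sslmode connection parameter, a server with the pg_stat_ssl
# view, GNU date (for %N). Database, table and host reuse the post's names.
BENCH_DB="${BENCH_DB:-eclatch}"
BENCH_HOST="${BENCH_HOST:-localhost}"
BENCH_QUERY="${BENCH_QUERY:-select * from wp}"
BENCH_RUNS="${BENCH_RUNS:-5}"

# conninfo MODE: always TCP to the same host, so only sslmode varies.
conninfo() {
    printf 'host=%s dbname=%s sslmode=%s' "$BENCH_HOST" "$BENCH_DB" "$1"
}

# median N...: middle value of the integer arguments (lower middle if even).
median() {
    printf '%s\n' "$@" | sort -n | awk '{ v[NR] = $1 } END { print v[int((NR + 1) / 2)] }'
}

# elapsed_ms CMD...: wall-clock milliseconds the command takes, output discarded.
elapsed_ms() {
    _start=$(date +%s%N)
    "$@" > /dev/null 2>&1
    _end=$(date +%s%N)
    echo $(( ($_end - $_start) / 1000000 ))
}

# bench MODE WANT: check that the session's encryption state is WANT (t or f),
# then report the median time of BENCH_RUNS executions of the query.
bench() {
    _got=$(psql -qAt -c 'select ssl from pg_stat_ssl where pid = pg_backend_pid()' \
        "$(conninfo "$1")") || return 1
    if [ "$_got" != "$2" ]; then
        echo "sslmode=$1 produced ssl=$_got, expected $2" >&2
        return 1
    fi
    _times=""
    _i=0
    while [ "$_i" -lt "$BENCH_RUNS" ]; do
        _times="$_times $(elapsed_ms psql -qAt -c "$BENCH_QUERY" "$(conninfo "$1")")"
        _i=$((_i + 1))
    done
    # Word splitting of the space-separated list is intended here.
    echo "sslmode=$1 median_ms=$(median $_times)"
}

# Nothing runs unless the script is called with "run" as its first argument.
case "${1:-}" in
    run) bench disable f && bench require t ;;
esac
```

Called with `run` as its first argument, the script prints one `median_ms` line per mode and stops if the server does not report the expected encryption state for a mode.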