Magnus Hagander escribió:
> Tom Lane wrote:
>> Linos <info@linos.es> writes:
>>> Tom Lane escribió:
>>>> That's just weird --- ssl off should be ssl off no matter which knob you
>>>> use to turn it off. Are you sure it's really off in the slow connections?
>>> Maybe i am missing something, i use the same command to connect to it
>>> from localhost "psql -d database -h localhost" and in the pcap files i
>>> have captured the protocol it is clear (with "ssl = false" or "ssl =
>>> true" either), but in the debian machine with "ssl = true" in
>>> postgresql.conf you can see in the pcap file big time jumps between
>>> data packets, psql commandline enables automatically ssl if the server
>>> supports it?
>> Yeah, the default behavior is to do SSL if supported; see PGSSLMODE.
>> Non-TCP connections never do SSL, though. One possibility to check
>> is that one of the two distros has altered the default value of
>> PGSSLMODE.
>
> IIRC, debian ships with a default certificate for the postgres
> installation, so it can actually *use* SSL by default. I don't know if
> other distros do that - I think most require you to actually create a
> certificate yourself.
>
> //Magnus
Yeah i have tested with PGSSLMODE environment and it makes the difference when
it is activated, debian ships with a cert that makes it enabled by default but
Arch Linux no, i get with wireshark in the data packets from postgresql
"unreassembled packet" so i thought that was the same but obviously one it is
using ssl and the other not, and before now i have not noticed but psql gives me
the hint that it is connect by ssl with the line "conexión SSL (cifrado:
DHE-RSA-AES256-SHA, bits: 256)" after connect, i did not know that ssl activated
would have this speed penalty, goes from 110 ms to 4200ms, Thanks Tom and Magnus
for the help.
Regards,
Miguel Angel.
