Home > mailing lists

Re: Disable OpenSSL compression - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: Disable OpenSSL compression
Date	November 10, 2011 13:23:01
Msg-id	4EBBDE3B.6030305@dunslane.net Whole thread Raw
In response to	Re: Disable OpenSSL compression (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Disable OpenSSL compression
List	pgsql-hackers

Tree view

On 11/08/2011 12:39 PM, Tom Lane wrote:
> Jeroen Vermeulen<jtv@xs4all.nl>  writes:
>> Another reason why I believe compression is often used with encryption
>> is to maximize information content per byte of data: harder to guess,
>> harder to crack.  Would that matter?
> Yes, it would.  There's a reason why the OpenSSL default is what it is.
>
>             

An interesting data point on this is that RedHat's nss_compat_ossl 
package doesn't support SSL compression at all 
<http://fedoraproject.org/wiki/Nss_compat_ossl>, and it's supposed to be 
a path to FIPS 140 compliance: 
<http://fedoraproject.org/wiki/FedoraCryptoConsolidation>. The latter 
URL, incidentally, contains a lot of good information, and lays out many 
of the reasons why I'd like to see us support NSS as an alternative to 
OpenSSL, notwithstanding the supposed dirtiness of its API. I imagine 
this would be of interest to commercial Postgres vendors also.

cheers

andrew

pgsql-hackers by date:

From: Jan Kundrát
Date: 10 November 2011, 12:40:24
Subject: Re: Re: [patch] Include detailed information about a row failing a CHECK constraint into the error message

From: Kääriäinen Anssi
Date: 10 November 2011, 13:29:48
Subject: Re: Re: [patch] Include detailed information about a row failing a CHECK constraint into the error message

Re: Disable OpenSSL compression - Mailing list pgsql-hackers

Previous

Next