Magnus Hagander wrote:
> > I don't understand why you want to change the default. Is it for
> > performance? Has it been measured?
> >
> >
> Yes. I've run into it multiple times, but I haven't specifically measured
> it. But I've had more than one situation where turning it off has
> completely removed a performance problem.

Here's a test case retrieving 133000 rows representing
100Mbytes of text, that shows a 4x slowdown with ssl.
ssl_renegotiation_limit is set to 0 and the cache is warmed up
by repeated executions.

Without SSL:

$ time psql -At "postgresql://localhost/mlists?sslmode=disable" \
  -c "select subject from mail" -o /dev/null
real 0m1.359s
user 0m0.544s
sys 0m0.084s

With SSL:

$ time psql -At "postgresql://localhost/mlists?sslmode=require" \
  -c "select subject from mail" -o /dev/null
real 0m5.395s
user 0m1.080s
sys 0m0.116s

The CPU is Intel(R) Xeon(R) CPU E31230 @ 3.20GHz, OS is Debian 7
with kernel 3.2.0-4.

Personally I think that TLS for local networking is wrong as a default, and
it's unfortunate that distros like Debian/Ubuntu end up using that.

Best regards,
--
Daniel Vérité
PostgreSQL-powered mailer: http://www.manitou-mail.org
Twitter: @DanielVerite