The ssl connection is slower, and it is expected. But when I configure pg_hba.conf to disable ssl via hostnossl, then ssl is not used, but the speed is similar to ssl.
Is it expected behave?
That's definitely not expected behavior. hostnossl should turn off ssl which should turn off the overhead completely. Does it make a difference if you also disable it from the client side?
When I explicitly disabled ssl, then I seen significantly less time
Intersting. Can you check with a network trace that it actually turns off ssl, so nothing is broken there?
I tested it on local only. The difference is +/- 5-10 ms, but it is well visible
My customer tested it on network, but on Windows, and there difference is about 100ms
Pavel
One thing that could be taking the time is an extra roundtrip -- e.g. it tries to connect with ssl fails and retries without. A network trace should also make this obvious, and can hopefully show you exactly where in the connection the time is spent.
See attached log
My pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only local all all trust # IPv4 local connections:
hostnossl all all 10.151.1.41/32 trust # IPv6 local connections: host all all ::1/128 trust