Postgres Pro
Downloads
Home   >   mailing lists

R: SSL Compression doesn't work - Mailing list pgsql-admin

From Edoardo Innocenti - SDB Information Technology Srl
Subject R: SSL Compression doesn't work
Date
Msg-id DBXPR04MB397A2F911407E3EF6A0C4A8A35A0@DBXPR04MB397.eurprd04.prod.outlook.com
Whole thread Raw
In response to Re: SSL Compression doesn't work  (Magnus Hagander <magnus@hagander.net>)
List pgsql-admin
Tree view

Thanks Magnus, now compression works properly using pgsql client.

 

Da: Magnus Hagander [mailto:magnus@hagander.net]
Inviato: venerdì 2 gennaio 2015 16:48
A: Edoardo Innocenti - SDB Information Technology Srl
Cc: pgsql-admin@postgresql.org
Oggetto: Re: [ADMIN] SSL Compression doesn't work

 

On Fri, Jan 2, 2015 at 4:39 PM, Edoardo Innocenti - SDB Information Technology Srl <edoardo.innocenti@tech.sdb.it> wrote:

Hi,

I try to reduce bandwith use with ssl and compression. I create a test with:

 

1.       CentOS release 6.6 (Final )x86_64

a.       openssl-1.0.1e-30.el6_6.4.x86_64

b.      kernel-2.6.32-504.1.3.el6.x86_64

 

2.       PostgreSQL 9.3.5

a.       postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64

b.      postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64

c.       postgresql93-9.3.5-1PGDG.rhel6.x86_64

d.      postgresql93-server-9.3.5-1PGDG.rhel6.x86_64

 

I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.

All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.

 

These commands has the same network load (~1.1MB)

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"

 

 

I believe this is because your distribution has decided to turn of SSL compression by default, and require you to set the  OPENSSL_DEFAULT_ZLIB variable to turn it back on. See https://bugzilla.redhat.com/show_bug.cgi?id=857051 and https://rhn.redhat.com/errata/RHSA-2013-0587.html.

 

You need to set this variable both for the server and the client.

 

--

This message is for the recipients only. If you receive it in error, please notify the sender and delete it together with any attachments. For any further information, including our privacy policy please refer to http://www.savinodelbene.com/privacy/

pgsql-admin by date:

Previous
From: Craig Ringer
Date:
Subject: Re: PostgreSQL file system based restore from Linux to Windows
Next
From: "Zheng, Wendy"
Date:
Subject: The quickest way to migrate database within the same cluster