Thread: SSL Compression doesn't work

SSL Compression doesn't work

From
Edoardo Innocenti - SDB Information Technology Srl
Date:

Hi,

I try to reduce bandwith use with ssl and compression. I create a test with:

 

1.       CentOS release 6.6 (Final )x86_64

a.       openssl-1.0.1e-30.el6_6.4.x86_64

b.      kernel-2.6.32-504.1.3.el6.x86_64

 

2.       PostgreSQL 9.3.5

a.       postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64

b.      postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64

c.       postgresql93-9.3.5-1PGDG.rhel6.x86_64

d.      postgresql93-server-9.3.5-1PGDG.rhel6.x86_64

 

I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.

All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.

 

These commands has the same network load (~1.1MB)

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"

 

Best regards,

Edoardo Innocenti

 

 

 

 

This message is for the recipients only. If you receive it in error, please notify the sender and delete it together with any attachments. For any further information, including our privacy policy please refer to http://www.savinodelbene.com/privacy/

Re: SSL Compression doesn't work

From
Magnus Hagander
Date:
On Fri, Jan 2, 2015 at 4:39 PM, Edoardo Innocenti - SDB Information Technology Srl <edoardo.innocenti@tech.sdb.it> wrote:

Hi,

I try to reduce bandwith use with ssl and compression. I create a test with:

 

1.       CentOS release 6.6 (Final )x86_64

a.       openssl-1.0.1e-30.el6_6.4.x86_64

b.      kernel-2.6.32-504.1.3.el6.x86_64

 

2.       PostgreSQL 9.3.5

a.       postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64

b.      postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64

c.       postgresql93-9.3.5-1PGDG.rhel6.x86_64

d.      postgresql93-server-9.3.5-1PGDG.rhel6.x86_64

 

I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.

All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.

 

These commands has the same network load (~1.1MB)

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"



I believe this is because your distribution has decided to turn of SSL compression by default, and require you to set the  OPENSSL_DEFAULT_ZLIB variable to turn it back on. See https://bugzilla.redhat.com/show_bug.cgi?id=857051 and https://rhn.redhat.com/errata/RHSA-2013-0587.html.

You need to set this variable both for the server and the client.

--

R: SSL Compression doesn't work

From
Edoardo Innocenti - SDB Information Technology Srl
Date:

Thanks Magnus, now compression works properly using pgsql client.

 

Da: Magnus Hagander [mailto:magnus@hagander.net]
Inviato: venerdì 2 gennaio 2015 16:48
A: Edoardo Innocenti - SDB Information Technology Srl
Cc: pgsql-admin@postgresql.org
Oggetto: Re: [ADMIN] SSL Compression doesn't work

 

On Fri, Jan 2, 2015 at 4:39 PM, Edoardo Innocenti - SDB Information Technology Srl <edoardo.innocenti@tech.sdb.it> wrote:

Hi,

I try to reduce bandwith use with ssl and compression. I create a test with:

 

1.       CentOS release 6.6 (Final )x86_64

a.       openssl-1.0.1e-30.el6_6.4.x86_64

b.      kernel-2.6.32-504.1.3.el6.x86_64

 

2.       PostgreSQL 9.3.5

a.       postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64

b.      postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64

c.       postgresql93-9.3.5-1PGDG.rhel6.x86_64

d.      postgresql93-server-9.3.5-1PGDG.rhel6.x86_64

 

I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.

All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.

 

These commands has the same network load (~1.1MB)

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"

 

 

I believe this is because your distribution has decided to turn of SSL compression by default, and require you to set the  OPENSSL_DEFAULT_ZLIB variable to turn it back on. See https://bugzilla.redhat.com/show_bug.cgi?id=857051 and https://rhn.redhat.com/errata/RHSA-2013-0587.html.

 

You need to set this variable both for the server and the client.

 

--

This message is for the recipients only. If you receive it in error, please notify the sender and delete it together with any attachments. For any further information, including our privacy policy please refer to http://www.savinodelbene.com/privacy/