Thread: SSL Compression doesn't work
Hi,
I try to reduce bandwith use with ssl and compression. I create a test with:
1. CentOS release 6.6 (Final )x86_64
a. openssl-1.0.1e-30.el6_6.4.x86_64
b. kernel-2.6.32-504.1.3.el6.x86_64
2. PostgreSQL 9.3.5
a. postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64
b. postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64
c. postgresql93-9.3.5-1PGDG.rhel6.x86_64
d. postgresql93-server-9.3.5-1PGDG.rhel6.x86_64
I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.
All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.
These commands has the same network load (~1.1MB)
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"
Best regards,
Edoardo Innocenti
Hi,
I try to reduce bandwith use with ssl and compression. I create a test with:
1. CentOS release 6.6 (Final )x86_64
a. openssl-1.0.1e-30.el6_6.4.x86_64
b. kernel-2.6.32-504.1.3.el6.x86_64
2. PostgreSQL 9.3.5
a. postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64
b. postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64
c. postgresql93-9.3.5-1PGDG.rhel6.x86_64
d. postgresql93-server-9.3.5-1PGDG.rhel6.x86_64
I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.
All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.
These commands has the same network load (~1.1MB)
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"
Thanks Magnus, now compression works properly using pgsql client.
Da: Magnus Hagander [mailto:magnus@hagander.net]
Inviato: venerdì 2 gennaio 2015 16:48
A: Edoardo Innocenti - SDB Information Technology Srl
Cc: pgsql-admin@postgresql.org
Oggetto: Re: [ADMIN] SSL Compression doesn't work
On Fri, Jan 2, 2015 at 4:39 PM, Edoardo Innocenti - SDB Information Technology Srl <edoardo.innocenti@tech.sdb.it> wrote:
Hi,
I try to reduce bandwith use with ssl and compression. I create a test with:
1. CentOS release 6.6 (Final )x86_64
a. openssl-1.0.1e-30.el6_6.4.x86_64
b. kernel-2.6.32-504.1.3.el6.x86_64
2. PostgreSQL 9.3.5
a. postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64
b. postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64
c. postgresql93-9.3.5-1PGDG.rhel6.x86_64
d. postgresql93-server-9.3.5-1PGDG.rhel6.x86_64
I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.
All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.
These commands has the same network load (~1.1MB)
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"
· psql "user=USER password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"
I believe this is because your distribution has decided to turn of SSL compression by default, and require you to set the OPENSSL_DEFAULT_ZLIB variable to turn it back on. See https://bugzilla.redhat.com/show_bug.cgi?id=857051 and https://rhn.redhat.com/errata/RHSA-2013-0587.html.
You need to set this variable both for the server and the client.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/