Thread: SSL Compression - doesn't work?

You mentioned you are using the Windows version; unless something has changed recently in their build process, the included openssl library is not linked against zlib and therefore compression is not possible unless you recompile the Windows version yourself.

Terence J. Ferraro

On Thu, May 8, 2014 at 9:36 AM, Adrian Klaver <adrian.klaver@aklaver.com> wrote:

On 05/08/2014 01:22 AM, Krystian Bigaj wrote:

Hi,

I'm wondering how, and if SSL compression works correctly.

Here is how I tested it:
- PostgreSQL 9.3.4 x86 on Windows 7 x64
- .crt/.key files by openssl, and placed in database cluster folder
- postgres.exe ran with: --ssl="on" --ssl_cert_file="test.crt"
--ssl_key_file="test.key"
- connection made by pgadmin with SSL=prefer, SSL Compression=True
- when connected I see in properties: Encryptions=SSL encrypted, SSL
Compression=yes
- I've dumped TCP transfer and I can tell that data is encrypted

Now when I run query like:
SELECT lpad('', 1024*1024, 'A')

then I see that there is a TCP transfer of 1,01MB (so 1MB of string
data, and some pg header/data).

If I turn off SSL Compression data transfer between postgres and pgadmin
is still 1,01MB (but in properties I see SSL Compression=no)

It looks like SSL compression doesn't work, or am I missing something?

http://www.postgresql.org/docs/9.3/static/libpq-connect.html

sslcompression

    If set to 1 (default), data sent over SSL connections will be compressed (this requires OpenSSL version 0.9.8 or later). If set to 0, compression will be disabled (this requires OpenSSL 1.0.0 or later). This parameter is ignored if a connection without SSL is made, or if the version of OpenSSL used does not support it.

So what version of OpenSSL are you using?

Best regards,
Krystian Bigaj

--
Adrian Klaver
adrian.klaver@aklaver.com


--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

You mentioned you are using the Windows version; unless something has changed recently in their build process, the included openssl library is not linked against zlib and therefore compression is not possible unless you recompile the Windows version yourself.

Terence J. Ferraro

On Thu, May 8, 2014 at 9:36 AM, Adrian Klaver <adrian.klaver@aklaver.com> wrote:

On 05/08/2014 01:22 AM, Krystian Bigaj wrote:

Hi,

I'm wondering how, and if SSL compression works correctly.

Here is how I tested it:
- PostgreSQL 9.3.4 x86 on Windows 7 x64
- .crt/.key files by openssl, and placed in database cluster folder
- postgres.exe ran with: --ssl="on" --ssl_cert_file="test.crt"
--ssl_key_file="test.key"
- connection made by pgadmin with SSL=prefer, SSL Compression=True
- when connected I see in properties: Encryptions=SSL encrypted, SSL
Compression=yes
- I've dumped TCP transfer and I can tell that data is encrypted

Now when I run query like:
SELECT lpad('', 1024*1024, 'A')

then I see that there is a TCP transfer of 1,01MB (so 1MB of string
data, and some pg header/data).

If I turn off SSL Compression data transfer between postgres and pgadmin
is still 1,01MB (but in properties I see SSL Compression=no)

It looks like SSL compression doesn't work, or am I missing something?

http://www.postgresql.org/docs/9.3/static/libpq-connect.html

sslcompression

    If set to 1 (default), data sent over SSL connections will be compressed (this requires OpenSSL version 0.9.8 or later). If set to 0, compression will be disabled (this requires OpenSSL 1.0.0 or later). This parameter is ignored if a connection without SSL is made, or if the version of OpenSSL used does not support it.

So what version of OpenSSL are you using?

Best regards,
Krystian Bigaj

--
Adrian Klaver
adrian.klaver@aklaver.com


--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general