| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Maciek Sakrejda <maciek(at)heroku(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: sslcompression / PGSSLCOMPRESSION not behaving as documented? |
| Date: | 2015-01-18 11:37:13 |
| Message-ID: | 20150118113713.GA25809@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Jan 16, 2015 at 08:41:54AM -0800, Adrian Klaver wrote:
> Yes that would seem to be the issue:
>
> https://launchpad.net/ubuntu/trusty/+source/openssl/+changelog
>
> openssl (1.0.1e-3ubuntu1)
>
> Disable compression to avoid CRIME systemwide (CVE-2012-4929).
FWIW, it's likely that the next version of TLS (version 1.3, see[1])
will no longer support compression at all. The concensus appears to be
that this is the wrong level to be applying compression.
Since the only way to get compression currently in Postgres is via TLS,
perhaps we should look at supporting compression natively in future
protocol versions.
It will take a while for TLS 1.3 to be deployed so there's time, but
PostgreSQL protocol revisions go at a similar pace.
Have a nice day,
[1] https://github.com/tlswg/tls13-spec
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kouhei Sutou | 2015-01-18 13:26:41 | Re: WAL supported extension |
| Previous Message | Oleg Bartunov | 2015-01-18 11:18:01 | Re: WAL supported extension |