| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Protocol problem with GSSAPI encryption? |
| Date: | 2019-12-20 17:37:48 |
| Message-ID: | 20191220173748.GE29807@momjian.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Dec 1, 2019 at 01:13:31AM +0000, Andrew Gierth wrote:
> This came up recently on IRC, not sure if the report there was passed on
> at all.
>
> ProcessStartupPacket assumes that there will be only one negotiation
> request for an encrypted connection, but libpq is capable of issuing
> two: it will ask for GSS encryption first, if it looks like it will be
> able to do GSSAPI, and if the server refuses that it will ask (on the
> same connection) for SSL.
Are you saying that there is an additional round-trip for starting all
SSL connections because we now support GSSAPI, or this only happens if
libpq asks for GSSAPI?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-12-20 17:37:51 | Re: Created feature for to_date() conversion using patterns 'YYYY-WW', 'YYYY-WW-D', 'YYYY-MM-W' and 'YYYY-MM-W-D' |
| Previous Message | Simon Riggs | 2019-12-20 17:35:36 | Re: Optimizing TransactionIdIsCurrentTransactionId() |