Re: Compression on SSL links?

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Karl Denninger <karl(at)denninger(dot)net>, Postgres General <pgsql-general(at)postgresql(dot)org>
Subject: Re: Compression on SSL links?
Date: 2010-08-13 15:12:46
Message-ID: 4C6560EE.1070606@postnewspapers.com.au
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 13/08/2010 10:50 PM, Bruce Momjian wrote:

> I thought all SSL traffic was compressed, unless you turned that off.
> It is just SSH that is always compressed?

Frankly, I thought all SSL traffic was compressed too, but the reading
I've just been doing suggests otherwise. It looks like compression *is*
done as part of cyphering and hashing and is used during key exchange
etc, but the actual application data being transported isn't compressed.
At least, that's how it seems to me from the digging I've just been
doing, though I want to look into it more.

AFAIK SSH isn't always compressed. It's only compressed if you pass the
"-C" flag, set -o Compression=yes, or add Compression=yes to .ssh/config
or /etc/ssh/ssh_config .

I'll admit being surprised, as it's widely stated that crypto is much
stronger if the data to be protected is compressed first. I guess the
CPU costs are significant enough that it's not widely done for bulk
data, though, only for the critical parts like negotiating and
exchanging the session key.

--
Craig Ringer

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Peter Hunsberger 2010-08-13 15:14:19 Re: ORM integration?
Previous Message Peter Hunsberger 2010-08-13 15:11:22 Re: ORM integration?