| From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net>, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: slower connect from hostnossl clients |
| Date: | 2016-06-07 10:41:17 |
| Message-ID: | 5756A4CD.50108@proxel.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 06/07/2016 12:18 PM, Magnus Hagander wrote:
> Intersting. Can you check with a network trace that it actually turns
> off ssl, so nothing is broken there?
>
> One thing that could be taking the time is an extra roundtrip -- e.g. it
> tries to connect with ssl fails and retries without. A network trace
> should also make this obvious, and can hopefully show you exactly where
> in the connection the time is spent.
I think this is to be expected given that the backend code initializes
the TLS connection before it looks at anything in pg_hba.conf. The TLS
connection setup is done when calling BackendInitialize() which happens
very early in the life of a backend.
I am not familiar enough with this part of the code to know if there is
a reasonable way to fix this.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2016-06-07 10:42:57 | Re: slower connect from hostnossl clients |
| Previous Message | Amit Langote | 2016-06-07 10:37:09 | Re: [sqlsmith] Failed assertion in postgres_fdw/deparse.c:1116 |