From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | SSL compression info in psql header |
Date: | 2014-07-12 12:49:49 |
Message-ID: | CABUevEx_zFETGdMjar-Dk3JM6k6q7kf3ks254bCo5Vhe22ZdMg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
It's today really hard to figure out if your SSL connection is
actually *using* SSL compression. This got extra hard when we the
default value started getting influenced by environment variables at
least on many platforms after the crime attacks. ISTM we should be
making this easier for the user.
Attached patch adds compression info at least to the header of the
psql banner, as that's very non-intrusive. I think this is a small
enough change, yet very useful, that we should squeeze it into 9.4
before the next beta. Not sure if it can be qualified enough of a bug
to backpatch further than that though.
As far as my research shows, the function
SSL_get_current_compression() which it uses was added in OpenSSL
0.9.6, which is a long time ago (stopped being maintained in 2004).
AFAICT even RHEL *3* shipped with 0.9.7. So I think we can safely rely
on it, especially since we only check for whether it returns NULL or
not.
Comments?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
Attachment | Content-Type | Size |
---|---|---|
psql_sslcompress.patch | text/x-patch | 628 bytes |
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2014-07-12 13:08:01 | SSL information view |
Previous Message | Magnus Hagander | 2014-07-12 12:23:34 | Re: Missing autocomplete for CREATE DATABASE |