From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Maciek Sakrejda <maciek(at)heroku(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: sslcompression / PGSSLCOMPRESSION not behaving as documented? |
Date: | 2015-01-16 17:22:36 |
Message-ID: | CABUevExfv0Fo7S5Ro7jbFojX+cDSKAY7q0dB0iLwa=3JmRmt4w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, Jan 16, 2015 at 8:41 AM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
wrote:
> On 01/16/2015 08:30 AM, Tom Lane wrote:
>
>> Maciek Sakrejda <maciek(at)heroku(dot)com> writes:
>>
>>> I'm having a hard time getting SSL compression working (or even figuring
>>> out why it's not working) with my local Postgres server. The setting [1]
>>> is
>>> documented to default to on, but according to the banner when I connect
>>> with psql, it's off.
>>>
>>
>> Possibly you have the same type of problem mentioned here:
>>
>> http://www.postgresql.org/message-id/CABUevEytxEQtbMeuKpJ8tYjeeB37m
>> zDQ7BASzEZN6EgcGrdZxA(at)mail(dot)gmail(dot)com
>>
>
> Yes that would seem to be the issue:
>
> https://launchpad.net/ubuntu/trusty/+source/openssl/+changelog
>
> openssl (1.0.1e-3ubuntu1)
>
> Disable compression to avoid CRIME systemwide (CVE-2012-4929).
>
>
>
>> although Ubuntu may well have done it a bit differently than Red Hat,
>> ie the way to override openssl's default behavior might be different.
>>
>> regards, tom lane
>>
>>
>>
There's been a few reports on this now. Perhaps we should add a note to the
docs (not necessarily saying how to fix it, as it may differ, but a note
saying that many distributions changed the way this is handled and that you
might need to set an external override)?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2015-01-16 17:42:10 | Re: sslcompression / PGSSLCOMPRESSION not behaving as documented? |
Previous Message | Adrian Klaver | 2015-01-16 16:41:54 | Re: sslcompression / PGSSLCOMPRESSION not behaving as documented? |