Re: sslcompression / PGSSLCOMPRESSION not behaving as documented?

On Fri, Jan 16, 2015 at 8:41 AM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
wrote:

> On 01/16/2015 08:30 AM, Tom Lane wrote:
>
>> Maciek Sakrejda <maciek(at)heroku(dot)com> writes:
>>
>>> I'm having a hard time getting SSL compression working (or even figuring
>>> out why it's not working) with my local Postgres server. The setting [1]
>>> is
>>> documented to default to on, but according to the banner when I connect
>>> with psql, it's off.
>>>
>>
>> Possibly you have the same type of problem mentioned here:
>>
>> http://www.postgresql.org/message-id/CABUevEytxEQtbMeuKpJ8tYjeeB37m
>> zDQ7BASzEZN6EgcGrdZxA(at)mail(dot)gmail(dot)com
>>
>
> Yes that would seem to be the issue:
>
> https://launchpad.net/ubuntu/trusty/+source/openssl/+changelog
>
> openssl (1.0.1e-3ubuntu1)
>
> Disable compression to avoid CRIME systemwide (CVE-2012-4929).
>
>
>
>> although Ubuntu may well have done it a bit differently than Red Hat,
>> ie the way to override openssl's default behavior might be different.
>>
>> regards, tom lane
>>
>>
>>

There's been a few reports on this now. Perhaps we should add a note to the
docs (not necessarily saying how to fix it, as it may differ, but a note
saying that many distributions changed the way this is handled and that you
might need to set an external override)?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/