Re: SSL Compression - doesn't work?

From: Terence Ferraro <terencejferraro(at)gmail(dot)com>
To: Krystian Bigaj <krystian(dot)bigaj(at)gmail(dot)com>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: SSL Compression - doesn't work?
Date: 2014-05-08 15:28:40
Message-ID: CAEghcWDmbQLsbypf0bTTdwgYN2b-4rtDqVewS2idoHL+V1SxrA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

You mentioned you are using the Windows version; unless something has
changed recently in their build process, the included openssl library is
not linked against zlib and therefore compression is not possible unless
you recompile the Windows version yourself.

*Terence J. Ferraro*

On Thu, May 8, 2014 at 9:36 AM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>wrote:

> On 05/08/2014 01:22 AM, Krystian Bigaj wrote:
>
>> Hi,
>>
>> I'm wondering how, and if SSL compression works correctly.
>>
>> Here is how I tested it:
>> - PostgreSQL 9.3.4 x86 on Windows 7 x64
>> - .crt/.key files by openssl, and placed in database cluster folder
>> - postgres.exe ran with: --ssl="on" --ssl_cert_file="test.crt"
>> --ssl_key_file="test.key"
>> - connection made by pgadmin with SSL=prefer, SSL Compression=True
>> - when connected I see in properties: Encryptions=SSL encrypted, SSL
>> Compression=yes
>> - I've dumped TCP transfer and I can tell that data is encrypted
>>
>> Now when I run query like:
>> SELECT lpad('', 1024*1024, 'A')
>>
>> then I see that there is a TCP transfer of 1,01MB (so 1MB of string
>> data, and some pg header/data).
>>
>> If I turn off SSL Compression data transfer between postgres and pgadmin
>> is still 1,01MB (but in properties I see SSL Compression=no)
>>
>> It looks like SSL compression doesn't work, or am I missing something?
>>
>
> http://www.postgresql.org/docs/9.3/static/libpq-connect.html
>
> sslcompression
>
> If set to 1 (default), data sent over SSL connections will be
> compressed (this requires OpenSSL version 0.9.8 or later). If set to 0,
> compression will be disabled (this requires OpenSSL 1.0.0 or later). This
> parameter is ignored if a connection without SSL is made, or if the version
> of OpenSSL used does not support it.
>
> So what version of OpenSSL are you using?
>
>
>> Best regards,
>> Krystian Bigaj
>>
>
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message tuanhoanganh 2014-05-08 15:36:25 Re: Oracle to PostgreSQL replication
Previous Message Adrian Klaver 2014-05-08 14:49:25 Re: Server process crash - Segmentation fault