Re: slower connect from hostnossl clients

2016-06-07 12:18 GMT+02:00 Magnus Hagander <magnus(at)hagander(dot)net>:

>
>
> On Tue, Jun 7, 2016 at 11:31 AM, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
> wrote:
>
>>
>>
>> 2016-06-07 11:29 GMT+02:00 Magnus Hagander <magnus(at)hagander(dot)net>:
>>
>>>
>>>
>>> On Tue, Jun 7, 2016 at 11:24 AM, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
>>> wrote:
>>>
>>>> Hi
>>>>
>>>> I am testing speed of connection to Postgres.
>>>>
>>>> The ssl connection is slower, and it is expected. But when I configure
>>>> pg_hba.conf to disable ssl via hostnossl, then ssl is not used, but the
>>>> speed is similar to ssl.
>>>>
>>>> Is it expected behave?
>>>>
>>>>
>>> That's definitely not expected behavior. hostnossl should turn off ssl
>>> which should turn off the overhead completely. Does it make a difference if
>>> you also disable it from the client side?
>>>
>>
>> When I explicitly disabled ssl, then I seen significantly less time
>>
>>
> Intersting. Can you check with a network trace that it actually turns off
> ssl, so nothing is broken there?
>

I tested it on local only. The difference is +/- 5-10 ms, but it is well
visible

My customer tested it on network, but on Windows, and there difference is
about 100ms

Pavel

>
> One thing that could be taking the time is an extra roundtrip -- e.g. it
> tries to connect with ssl fails and retries without. A network trace should
> also make this obvious, and can hopefully show you exactly where in the
> connection the time is spent.
>

See attached log

My pg_hba.conf

# TYPE DATABASE USER ADDRESS METHOD

# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:

hostnossl all all 10.151.1.41/32
trust
# IPv6 local connections:
host all all ::1/128 trust

connection string
host=10.151.1.41 port=5432 dbname=postgres user=pavel

Regards

Pavel

>
>
> --
> Magnus Hagander
> Me: http://www.hagander.net/
> Work: http://www.redpill-linpro.com/
>