| From: | Krystian Bigaj <krystian(dot)bigaj(at)gmail(dot)com> |
|---|---|
| To: | Terence Ferraro <terencejferraro(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: SSL Compression - doesn't work? |
| Date: | 2014-05-08 18:07:01 |
| Message-ID: | CAN=kAeHG-oZsc=bH3XtSgcEO7uLAq2KuvWbNL2wGW+cSdfFH=w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thanks! That would make sense why it doesn't work on Windows.
Do you know why PG build for Windows ships zlib support enabled for PG
(mostly pg_dump/pg_restore) but disabled for OpenSSL?
Best regards,
Krystian Bigaj
On 8 May 2014 17:28, Terence Ferraro <terencejferraro(at)gmail(dot)com> wrote:
> You mentioned you are using the Windows version; unless something has
> changed recently in their build process, the included openssl library is
> not linked against zlib and therefore compression is not possible unless
> you recompile the Windows version yourself.
>
>
> *Terence J. Ferraro*
>
> On Thu, May 8, 2014 at 9:36 AM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>wrote:
>
>> On 05/08/2014 01:22 AM, Krystian Bigaj wrote:
>>
>>> Hi,
>>>
>>> I'm wondering how, and if SSL compression works correctly.
>>>
>>> Here is how I tested it:
>>> - PostgreSQL 9.3.4 x86 on Windows 7 x64
>>> - .crt/.key files by openssl, and placed in database cluster folder
>>> - postgres.exe ran with: --ssl="on" --ssl_cert_file="test.crt"
>>> --ssl_key_file="test.key"
>>> - connection made by pgadmin with SSL=prefer, SSL Compression=True
>>> - when connected I see in properties: Encryptions=SSL encrypted, SSL
>>> Compression=yes
>>> - I've dumped TCP transfer and I can tell that data is encrypted
>>>
>>> Now when I run query like:
>>> SELECT lpad('', 1024*1024, 'A')
>>>
>>> then I see that there is a TCP transfer of 1,01MB (so 1MB of string
>>> data, and some pg header/data).
>>>
>>> If I turn off SSL Compression data transfer between postgres and pgadmin
>>> is still 1,01MB (but in properties I see SSL Compression=no)
>>>
>>> It looks like SSL compression doesn't work, or am I missing something?
>>>
>>
>> http://www.postgresql.org/docs/9.3/static/libpq-connect.html
>>
>> sslcompression
>>
>> If set to 1 (default), data sent over SSL connections will be
>> compressed (this requires OpenSSL version 0.9.8 or later). If set to 0,
>> compression will be disabled (this requires OpenSSL 1.0.0 or later). This
>> parameter is ignored if a connection without SSL is made, or if the version
>> of OpenSSL used does not support it.
>>
>> So what version of OpenSSL are you using?
>>
>>
>>> Best regards,
>>> Krystian Bigaj
>>>
>>
>>
>> --
>> Adrian Klaver
>> adrian(dot)klaver(at)aklaver(dot)com
>>
>>
>> --
>> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
>> To make changes to your subscription:
>> http://www.postgresql.org/mailpref/pgsql-general
>>
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jay at Verizon | 2014-05-08 19:36:47 | Pgpool starting problem |
| Previous Message | Andrus | 2014-05-08 17:37:10 | Re: How to fix lost synchronization with server |