Quick Links

pgsql: Remove support for SSL compression

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	pgsql-committers(at)lists(dot)postgresql(dot)org
Subject:	pgsql: Remove support for SSL compression
Date:	2021-03-09 02:18:52
Message-ID:	E1lJRxU-00051U-47@gemulon.postgresql.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers

Remove support for SSL compression

PostgreSQL disabled compression as of e3bdb2d and the documentation
recommends against using it since. Additionally, SSL compression has
been disabled in OpenSSL since version 1.1.0, and was disabled in many
distributions long before that. The most recent TLS version, TLSv1.3,
disallows compression at the protocol level.

This commit removes the feature itself, removing support for the libpq
parameter sslcompression (parameter still listed for compatibility
reasons with existing connection strings, just ignored), and removes
the equivalent field in pg_stat_ssl and de facto PgBackendSSLStatus.

Note that, on top of removing the ability to activate compression by
configuration, compression is actively disabled in both frontend and
backend to avoid overrides from local configurations.

A TAP test is added for deprecated SSL parameters to check after
backwards compatibility.

Bump catalog version.

Author: Daniel Gustafsson
Reviewed-by: Peter Eisentraut, Magnus Hagander, Michael Paquier
Discussion: https://postgr.es/m/7E384D48-11C5-441B-9EC3-F7DB1F8518F6@yesql.se

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/f9264d1524baa19e4a0528f033681ef16f61b137

Modified Files
--------------
contrib/postgres_fdw/expected/postgres_fdw.out | 3 +--
contrib/postgres_fdw/sql/postgres_fdw.sql | 1 -
doc/src/sgml/libpq.sgml | 33 ++---------------------
doc/src/sgml/monitoring.sgml | 10 -------
src/backend/catalog/system_views.sql | 1 -
src/backend/libpq/be-secure-openssl.c | 12 +++------
src/backend/postmaster/pgstat.c | 1 -
src/backend/utils/adt/pgstatfuncs.c | 36 ++++++++++++--------------
src/backend/utils/init/postinit.c | 5 ++--
src/bin/psql/command.c | 7 ++---
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_proc.dat | 6 ++---
src/include/libpq/libpq-be.h | 1 -
src/include/pgstat.h | 1 -
src/interfaces/libpq/fe-connect.c | 11 ++++----
src/interfaces/libpq/fe-secure-openssl.c | 15 +++++------
src/interfaces/libpq/libpq-int.h | 1 -
src/test/regress/expected/rules.out | 9 +++----
src/test/ssl/t/001_ssltests.pl | 17 ++++++++----
19 files changed, 60 insertions(+), 112 deletions(-)

Responses

Re: pgsql: Remove support for SSL compression at 2021-03-09 03:26:15 from Michael Paquier

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Michael Paquier	2021-03-09 03:26:15	Re: pgsql: Remove support for SSL compression
Previous Message	Tom Lane	2021-03-08 23:55:05	pgsql: Properly mark pg_stat_get_subscription() as returning a set.