Home > mailing lists

Re: disable SSL compression? - Mailing list pgsql-hackers

From	Claudio Freire
Subject	Re: disable SSL compression?
Date	March 8, 2018 22:23:07
Msg-id	CAGTBQpaQJ_fCefiNmuP18drS+r7BxtCD8hR3jEB_ScsE64nZmQ@mail.gmail.com Whole thread Raw
In response to	disable SSL compression? (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: disable SSL compression? Re: disable SSL compression?
List	pgsql-hackers

Tree view

On Thu, Mar 8, 2018 at 3:40 PM, Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> It appears that SSL compression is nowadays deprecated as insecure.
> Yet, it is still enabled by libpq by default, and there is no way to
> disable it in the server.  Should we make some changes here?  Does
> anyone know more about this?

Even if libpq enables it, it has to be enabled both in the client and
the server for it to work.

OpenSSL disables the whole feature by default, and enabling it is
rather cumbersome. The result is that, at least with OpenSSL, the
server and client won't accept compression without extensive fiddling
by the user.

So I don't think libpq has to change anything here.

pgsql-hackers by date:

From: Peter Eisentraut
Date: 08 March 2018, 22:19:55
Subject: Re: Handling better supported channel binding types for SSLimplementations

From: Tom Lane
Date: 08 March 2018, 22:25:59
Subject: Re: [HACKERS] Restrict concurrent update/delete with UPDATE of partition key

Re: disable SSL compression? - Mailing list pgsql-hackers

Previous

Next