Bruce Momjian wrote: > Craig Ringer wrote: > >> On 13/08/2010 9:31 PM, Bruce Momjian wrote: >> >>> Karl Denninger wrote: >>> >>>> I may be blind - I don't see a way to enable this. OpenSSL "kinda" >>>> supports this - does Postgres' SSL connectivity allow it to be >>>> supported/enabled? >>>> >>> What are you asking, exactly? >>> >> As far as I can tell they're asking for transport-level compression, >> using gzip or similar, in much the same way as SSL/TLS currently >> provides transport-level encryption. Compression at the postgresql >> protocol level or above, so it's invisible at the level of the libpq >> APIs for executing statements and processing results, and doesn't change >> SQL processing. >> >> Since remote access is often combined with SSL, which is already >> supported by libpq, using SSL-integrated compression seems pretty >> promising if it's viable in practice. It'd avoid the pain of having to >> add compression to the Pg protocol by putting it "outside" the current >> protocol, in the SSL layer. Even better, compressing results before >> encrypting them makes the encrypted traffic *much* stronger against >> known-plaintext and pattern-based attacks. And, of course, compressing >> the content costs CPU time but reduces the amount of data that must then >> be compressed. >> >> OpenSSL does provide some transparent crypto support. See: >> http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html >> > > I thought all SSL traffic was compressed, unless you turned that off. > It is just SSH that is always compressed? > SSL is NOT always compressed at the data level. SSH is if you ask for it, but by default SSL is NOT.
This is a common (and false) belief. -- Karl
<<attachment: karl.vcf>>
-- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general