On Thu, Mar 8, 2018 at 3:40 PM, Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote: > It appears that SSL compression is nowadays deprecated as insecure. > Yet, it is still enabled by libpq by default, and there is no way to > disable it in the server. Should we make some changes here? Does > anyone know more about this?
Even if libpq enables it, it has to be enabled both in the client and the server for it to work. OpenSSL disables the whole feature by default, and enabling it is rather cumbersome. The result is that, at least with OpenSSL, the server and client won't accept compression without extensive fiddling by the user. So I don't think libpq has to change anything here.
