On 3/8/18 14:23, Claudio Freire wrote: > On Thu, Mar 8, 2018 at 3:40 PM, Peter Eisentraut > <peter.eisentr...@2ndquadrant.com> wrote: >> It appears that SSL compression is nowadays deprecated as insecure. >> Yet, it is still enabled by libpq by default, and there is no way to >> disable it in the server. Should we make some changes here? Does >> anyone know more about this? > > Even if libpq enables it, it has to be enabled both in the client and > the server for it to work. > > OpenSSL disables the whole feature by default, and enabling it is > rather cumbersome. The result is that, at least with OpenSSL, the > server and client won't accept compression without extensive fiddling > by the user.
But however that may be, libpq appears to enable it by default. This is what I get from psql: SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: on) -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
