Hi, On 2018-03-30 15:53:39 +0300, Konstantin Knizhnik wrote: > Taken in account that vulnerability was found in SSL compression and so > SSLComppression is considered to be deprecated and insecure > (http://www.postgresql-archive.org/disable-SSL-compression-td6010072.html), > it will be nice to have some alternative mechanism of reducing libpq > traffic. > > I have implemented some prototype implementation of it (patch is attached). > To use zstd compression, Postgres should be configured with --with-zstd. > Otherwise compression will use zlib unless it is disabled by --without-zlib > option. > I have added compression=on/off parameter to connection string and -Z option > to psql and pgbench utilities. > Below are some results:
I think compression is pretty useful, and I'm not convinced that the threat model underlying the attacks on SSL really apply to postgres. But having said that, have you done any analysis of whether your implementation has the same issues? Greetings, Andres Freund
