Re: using ssl some of the time

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: using ssl some of the time
Дата
Msg-id 200307231754.h6NHsFb03456@candle.pha.pa.us
обсуждение исходный текст
Ответ на Re: using ssl some of the time  (Charles Hornberger <charlie@hss.caltech.edu>)
Ответы Re: using ssl some of the time  (Charles Hornberger <charlie@hss.caltech.edu>)
Список pgsql-admin
Charles Hornberger wrote:
> On Wed, 23 Jul 2003, Bruce Momjian wrote:
> > Charles Hornberger wrote:
> > > Am I right in interpreting this to mean that I either have to use SSL
> > > all the time or none of the time?  I'm especially tempted to believe
> > > this might be the case after seeing this item in the "Clients" section
> > > of http://developer.postgresql.org/todo.php:
> > >
> > >    - Allow SSL-enabled clients to turn off SSL transfers
> > >
> > > Does that mean that, if SSL is enabled for the postmaster, the client
> > > will always be forced to use SSL? Or is there something I need to do to
> > > force the client to NOT use SSL?
> >
> > Right, it will use SSL if possible, so if both client and server are SSL
> > enabled, SSL will be used. 7.4 will allow you to control that.
>
> Interesting. So, am I right in thinking that in 7.3.x, theoretically it'd
> be possible to build the postgres backends with SSL support but the
> clients -- and I guess libpq is really what I'm talking about here, since
> normally I'm connecting via Python or PHP -- without it? And would an
> SSL-enabled backend agree to talk to a SSL-disabled client?

Yes, you could to it, but by default, libpq will have SSL compiled in it
just like the backend, but if you created a non-ssl client, it would
talk to the postmaster just fine, unless you have hostssl in
pg_hba.conf.

> As an aside: The only reason I'm worring about this is that sometimes my
> client apps generate rather large query results and as far as I can tell,
> the overhead of SSL encryption/decryption is slowing things down quite
> noticeably in those cases. But I'm pretty ignorant about these matters,
> and maybe SSL's not to blame (although I'd be hard pressed to explain the
> difference in query performance between local and SSL-over-TCP connections
> otherwise).

Please let us know what you find from testing.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

В списке pgsql-admin по дате отправления:

Предыдущее
От: Reece Hart
Дата:
Сообщение: Re: [PERFORM] slow table updates
Следующее
От: Reece Hart
Дата:
Сообщение: Re: [PERFORM] slow table updates