Tom Lane wrote:
> Linos <info@linos.es> writes:
>> Tom Lane escribió:
>>> That's just weird --- ssl off should be ssl off no matter which knob you
>>> use to turn it off. Are you sure it's really off in the slow connections?
>
>> Maybe i am missing something, i use the same command to connect to it
>> from localhost "psql -d database -h localhost" and in the pcap files i
>> have captured the protocol it is clear (with "ssl = false" or "ssl =
>> true" either), but in the debian machine with "ssl = true" in
>> postgresql.conf you can see in the pcap file big time jumps between
>> data packets, psql commandline enables automatically ssl if the server
>> supports it?
>
> Yeah, the default behavior is to do SSL if supported; see PGSSLMODE.
> Non-TCP connections never do SSL, though. One possibility to check
> is that one of the two distros has altered the default value of
> PGSSLMODE.
IIRC, debian ships with a default certificate for the postgres
installation, so it can actually *use* SSL by default. I don't know if
other distros do that - I think most require you to actually create a
certificate yourself.
//Magnus