Re: sslmode=require fallback

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: sslmode=require fallback
Дата
Msg-id CABUevEynJrohfSZ6yLg9-Mzt6EgHP2fMb40GXYM7wma2HHfWkg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: sslmode=require fallback  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Ответы Re: sslmode=require fallback  ("Daniel Verite" <daniel@manitou-mail.org>)
Список pgsql-hackers
Дерево обсуждения


On Tue, Jul 19, 2016 at 10:57 PM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
On 7/19/16 3:32 PM, Magnus Hagander wrote:
> There are definitely cases where it's useful. I'm only arguing for
> changing the default.

I don't understand why you want to change the default.  Is it for
performance?  Has it been measured?


Yes. I've run into it multiple times, but I haven't specifically measured it. But I've had more than one situation where turning it off has completely removed a performance problem.

I've only seen it in apps without proper connection pooling. It's the negotiation of new sessions that's expensive, not actually encrypting the data.

Most people definitely don't run into it, because most people don't use localhost when they're local - they use the Unix socket. But for example a locally running java application will be using localhost.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Greg Stark
Дата:
Сообщение: Re: sslmode=require fallback
Следующее
От: Amit Kapila
Дата:
Сообщение: Re: [BUG] pg_basebackup from disconnected standby fails