On Wed, 23 Jul 2003, Bruce Momjian wrote:
> Charles Hornberger wrote:
> > Am I right in interpreting this to mean that I either have to use SSL
> > all the time or none of the time? I'm especially tempted to believe
> > this might be the case after seeing this item in the "Clients" section
> > of http://developer.postgresql.org/todo.php:
> >
> > - Allow SSL-enabled clients to turn off SSL transfers
> >
> > Does that mean that, if SSL is enabled for the postmaster, the client
> > will always be forced to use SSL? Or is there something I need to do to
> > force the client to NOT use SSL?
>
> Right, it will use SSL if possible, so if both client and server are SSL
> enabled, SSL will be used. 7.4 will allow you to control that.
Interesting. So, am I right in thinking that in 7.3.x, theoretically it'd
be possible to build the postgres backends with SSL support but the
clients -- and I guess libpq is really what I'm talking about here, since
normally I'm connecting via Python or PHP -- without it? And would an
SSL-enabled backend agree to talk to a SSL-disabled client?
As an aside: The only reason I'm worring about this is that sometimes my
client apps generate rather large query results and as far as I can tell,
the overhead of SSL encryption/decryption is slowing things down quite
noticeably in those cases. But I'm pretty ignorant about these matters,
and maybe SSL's not to blame (although I'd be hard pressed to explain the
difference in query performance between local and SSL-over-TCP connections
otherwise).
-Charlie