Обсуждение: JDBC compression over SSL
Hi,
I configure PostgreSQl 9.3 to use compression over SSL connection successfully (PG_Conn), but I am not able to find how to configure JDBC to use compression. I import server.crt (self-signed) in keystore and I can do a SSL connection successfully via JDBC but not compression.
I do not think there currently is a way to enable compression in the driver
anyone ?
On 5 January 2015 at 06:06, Edoardo Innocenti - SDB Information Technology Srl <edoardo.innocenti@tech.sdb.it> wrote:
This message is for the recipients only. If you receive it in error, please notify the sender and delete it together with any attachments. For any further information, including our privacy policy please refer to http://www.savinodelbene.com/privacy/Hi,
I configure PostgreSQl 9.3 to use compression over SSL connection successfully (PG_Conn), but I am not able to find how to configure JDBC to use compression. I import server.crt (self-signed) in keystore and I can do a SSL connection successfully via JDBC but not compression.
On 01/05/2015 09:39 PM, Dave Cramer wrote: > I do not think there currently is a way to enable compression in the driver > > anyone ? It'd have to be done by providing a custom SSLSocketFactory, which PgJDBC supports. I'm not sure that JSSE's SSL implementation supports SSL compression though. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
A quick search turned up something, but it seems to have considerable rot
On 5 January 2015 at 08:49, Craig Ringer <craig@2ndquadrant.com> wrote:
On 01/05/2015 09:39 PM, Dave Cramer wrote:
> I do not think there currently is a way to enable compression in the driver
>
> anyone ?
It'd have to be done by providing a custom SSLSocketFactory, which
PgJDBC supports. I'm not sure that JSSE's SSL implementation supports
SSL compression though.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
On 01/05/2015 09:51 PM, Dave Cramer wrote: > A quick search turned up something, but it seems to have considerable rot > https://svn.jfire.org/svn/main/old.stuff.about.to.be.deleted/org.nightlabs.rmissl/src/org/nightlabs/rmissl/socket/SSLCompressionSocketFactory.java > Yep... and I'm not sure it's actually doing SSL compression, rather than compression of the stream *inside* the SSL socket. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
Craig Ringer <craig@2ndquadrant.com> writes:
> Yep... and I'm not sure it's actually doing SSL compression, rather than
> compression of the stream *inside* the SSL socket.
Worth noting here is that many/most people have abandoned use of SSL
compression because it is now known to render the stream more
decryptable. I do not know whether that objection also applies to
doing separate compression "inside the socket" as you put it.
regards, tom lane
On 5 January 2015 at 23:36, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Craig Ringer <craig@2ndquadrant.com> writes:
> Yep... and I'm not sure it's actually doing SSL compression, rather than
> compression of the stream *inside* the SSL socket.
Worth noting here is that many/most people have abandoned use of SSL
compression because it is now known to render the stream more
decryptable. I do not know whether that objection also applies to
doing separate compression "inside the socket" as you put it.
Whether or not it does, if it's not actual SSL compression it won't interoperate with PostgreSQL - as you know, PostgreSQL doesn't support data stream compression on the socket.
Some people are trying to use SSL compression as a workaround for this. I think the real answer is probably to just add PostgreSQL protocol-level support for compression, rather than trying to (ab)use SSL for it.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services