On 11/08/2011 12:39 PM, Tom Lane wrote:
> Jeroen Vermeulen<jtv@xs4all.nl> writes:
>> Another reason why I believe compression is often used with encryption
>> is to maximize information content per byte of data: harder to guess,
>> harder to crack. Would that matter?
> Yes, it would. There's a reason why the OpenSSL default is what it is.
>
>
An interesting data point on this is that RedHat's nss_compat_ossl
package doesn't support SSL compression at all
<http://fedoraproject.org/wiki/Nss_compat_ossl>, and it's supposed to be
a path to FIPS 140 compliance:
<http://fedoraproject.org/wiki/FedoraCryptoConsolidation>. The latter
URL, incidentally, contains a lot of good information, and lays out many
of the reasons why I'd like to see us support NSS as an alternative to
OpenSSL, notwithstanding the supposed dirtiness of its API. I imagine
this would be of interest to commercial Postgres vendors also.
cheers
andrew