Re: SSL Compression doesn't work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 2, 2015 at 4:39 PM, Edoardo Innocenti - SDB Information Technology Srl <edoardo.innocenti@xxxxxxxxxxx> wrote:

Hi,

I try to reduce bandwith use with ssl and compression. I create a test with:

 

1.       CentOS release 6.6 (Final )x86_64

a.       openssl-1.0.1e-30.el6_6.4.x86_64

b.      kernel-2.6.32-504.1.3.el6.x86_64

 

2.       PostgreSQL 9.3.5

a.       postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64

b.      postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64

c.       postgresql93-9.3.5-1PGDG.rhel6.x86_64

d.      postgresql93-server-9.3.5-1PGDG.rhel6.x86_64

 

I configure a postgresql with SSL (http://www.postgresql.org/docs/9.3/static/ssl-tcp.htm), with self-signed certificate.

All work fine for SSL, but when I try to use the compression I didn’t find any difference monitoring traffic with tcdump.

 

These commands has the same network load (~1.1MB)

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=1" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=require sslcompression=0" -c "SELECT lpad('', 1024*1024, 'A');"

·         psql "user=USER  password=PASS host=HOST dbname=postgres sslmode=disable" -c "SELECT lpad('', 1024*1024, 'A');"



I believe this is because your distribution has decided to turn of SSL compression by default, and require you to set the  OPENSSL_DEFAULT_ZLIB variable to turn it back on. See https://bugzilla.redhat.com/show_bug.cgi?id=857051 and https://rhn.redhat.com/errata/RHSA-2013-0587.html.

You need to set this variable both for the server and the client.

--

[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux