Search Postgresql Archives

Re: sslcompression / PGSSLCOMPRESSION not behaving as documented?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Jan 16, 2015 at 8:41 AM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
On 01/16/2015 08:30 AM, Tom Lane wrote:
Maciek Sakrejda <maciek@xxxxxxxxxx> writes:
I'm having a hard time getting SSL compression working (or even figuring
out why it's not working) with my local Postgres server. The setting [1] is
documented to default to on, but according to the banner when I connect
with psql, it's off.

Possibly you have the same type of problem mentioned here:

http://www.postgresql.org/message-id/CABUevEytxEQtbMeuKpJ8tYjeeB37mzDQ7BASzEZN6EgcGrdZxA@mail.gmail.com

 Yes that would seem to be the issue:

https://launchpad.net/ubuntu/trusty/+source/openssl/+changelog

openssl (1.0.1e-3ubuntu1)

Disable compression to avoid CRIME systemwide (CVE-2012-4929).



although Ubuntu may well have done it a bit differently than Red Hat,
ie the way to override openssl's default behavior might be different.

                        regards, tom lane




There's been a few reports on this now. Perhaps we should add a note to the docs (not necessarily saying how to fix it, as it may differ, but a note saying that many distributions changed the way this is handled and that you might need to set an external override)?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux