Search Postgresql Archives

Re: sslcompression / PGSSLCOMPRESSION not behaving as documented?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 16, 2015 at 08:41:54AM -0800, Adrian Klaver wrote:
> Yes that would seem to be the issue:
> 
> https://launchpad.net/ubuntu/trusty/+source/openssl/+changelog
> 
> openssl (1.0.1e-3ubuntu1)
> 
> Disable compression to avoid CRIME systemwide (CVE-2012-4929).

FWIW, it's likely that the next version of TLS (version 1.3, see[1])
will no longer support compression at all.  The concensus appears to be
that this is the wrong level to be applying compression.

Since the only way to get compression currently in Postgres is via TLS,
perhaps we should look at supporting compression natively in future
protocol versions.

It will take a while for TLS 1.3 to be deployed so there's time, but
PostgreSQL protocol revisions go at a similar pace.

Have a nice day,

[1] https://github.com/tlswg/tls13-spec
-- 
Martijn van Oosterhout   <kleptog@xxxxxxxxx>   http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
   -- Arthur Schopenhauer

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux