Re: using ssl some of the time
From | Bruce Momjian |
---|---|
Subject | Re: using ssl some of the time |
Date | |
Msg-id | 200307231754.h6NHsFb03456@candle.pha.pa.us |
In response to | Re: using ssl some of the time (Charles Hornberger <charlie@hss.caltech.edu>) |
Responses | Re: using ssl some of the time |
List | pgsql-admin |

Charles Hornberger wrote:
> On Wed, 23 Jul 2003, Bruce Momjian wrote:
> > Charles Hornberger wrote:
> > > Am I right in interpreting this to mean that I either have to use SSL
> > > all the time or none of the time? I'm especially tempted to believe
> > > this might be the case after seeing this item in the "Clients" section
> > > of http://developer.postgresql.org/todo.php:
> > >
> > > - Allow SSL-enabled clients to turn off SSL transfers
> > >
> > > Does that mean that, if SSL is enabled for the postmaster, the client
> > > will always be forced to use SSL? Or is there something I need to do to
> > > force the client to NOT use SSL?
> >
> > Right, it will use SSL if possible, so if both client and server are SSL
> > enabled, SSL will be used. 7.4 will allow you to control that.
>
> Interesting. So, am I right in thinking that in 7.3.x, theoretically it'd
> be possible to build the postgres backends with SSL support but the
> clients -- and I guess libpq is really what I'm talking about here, since
> normally I'm connecting via Python or PHP -- without it? And would an
> SSL-enabled backend agree to talk to a SSL-disabled client?

Yes, you could do it, but by default, libpq will have SSL compiled in it
just like the backend, but if you created a non-ssl client, it would
talk to the postmaster just fine, unless you have hostssl in
pg_hba.conf.

> As an aside: The only reason I'm worrying about this is that sometimes my
> client apps generate rather large query results and as far as I can tell,
> the overhead of SSL encryption/decryption is slowing things down quite
> noticeably in those cases. But I'm pretty ignorant about these matters,
> and maybe SSL's not to blame (although I'd be hard pressed to explain the
> difference in query performance between local and SSL-over-TCP connections
> otherwise).

Please let us know what you find from testing.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
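
As an added illustration, not part of the original message: a simplified Python model of pg_hba.conf first-match evaluation, showing how `host` and `hostssl` records treat a client built without SSL. The sample file, addresses and function names are constructed for this example, and database and user fields are limited to `all` or a single name.

```python
import ipaddress

# Constructed sample pg_hba.conf (not from the thread): SSL is required from
# 10.0.0.0/8, but one legacy subnet and localhost may still connect in clear text.
SAMPLE_HBA = """
# TYPE   DATABASE  USER  ADDRESS                    METHOD
local    all       all                              md5
hostssl  all       all   10.0.0.0/8                 md5
host     all       all   10.1.2.0   255.255.255.0   md5
host     all       all   127.0.0.1/32               md5
"""

def parse_hba(text):
    """Yield (type, db, user, network, method) for TCP records, in file order."""
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f or f[0] not in ("host", "hostssl"):
            continue  # skip blanks, comments and Unix-socket ("local") records
        if "/" in f[3]:                       # CIDR form: address/len method
            net, method = f[3], f[4]
        else:                                 # older form: address mask method
            net, method = f"{f[3]}/{f[4]}", f[5]
        yield f[0], f[1], f[2], ipaddress.ip_network(net), method

def first_match(text, db, user, client_ip, ssl):
    """Return the first record that applies to this connection, or None (rejected)."""
    ip = ipaddress.ip_address(client_ip)
    for rtype, rdb, ruser, net, method in parse_hba(text):
        if rtype == "hostssl" and not ssl:
            continue                          # hostssl records only match SSL connections
        if rdb in ("all", db) and ruser in ("all", user) and ip in net:
            return rtype, str(net), method
    return None

def plaintext_reachable(text):
    """Networks from which a non-SSL TCP client still reaches an authentication step."""
    return [str(net) for rtype, _, _, net, method in parse_hba(text)
            if rtype == "host" and method != "reject"]

if __name__ == "__main__":
    print(first_match(SAMPLE_HBA, "app", "charlie", "10.9.9.9", ssl=False))
    print(plaintext_reachable(SAMPLE_HBA))
```

Any network returned by `plaintext_reachable` is one where a client without SSL is still admitted, which is the thing to check when the intent is to require encryption.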