Re: disable SSL compression?

On March 28, 2018 4:15:02 PM PDT, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>On 3/28/18 13:26, Konstantin Knizhnik wrote:
>> If SSL compression is deprecated, should we provide own compression?
>> I have implemented some prototype implementation of it (patch is
>attached).
>> I have added compression=on/off parameter to connection string and -Z
>> option to psql and pgbench utilities.
>
>What I'd like to see here is extensive protocol documentation that
>describes the compression method negotiation, and the interaction with
>SSL, and a test suite to support that.
>
>Maybe start a new thread.

+analysis of whether that's safe to do from a cryptographic POV. There's a reason compression has been disabled for
justabout all SSL/TLS libraries. 

Andres
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.