Re: slower connect from hostnossl clients

On 06/07/2016 12:18 PM, Magnus Hagander wrote:> Intersting. Can you check with a network trace that it actually turns>
offssl, so nothing is broken there?>> One thing that could be taking the time is an extra roundtrip -- e.g. it> tries
toconnect with ssl fails and retries without. A network trace> should also make this obvious, and can hopefully show
youexactly where> in the connection the time is spent.
 

I think this is to be expected given that the backend code initializes 
the TLS connection before it looks at anything in pg_hba.conf. The TLS 
connection setup is done when calling BackendInitialize() which happens 
very early in the life of a backend.

I am not familiar enough with this part of the code to know if there is 
a reasonable way to fix this.

Andreas