On Mon, Mar 21, 2005 at 12:45:21PM -0500, Greg Stark wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > > > No, unless SSL compresses automatically. > > Without checking the source, I'll bet it does. > Any good encryption system should compress first.
I just ran some tests and it doesn't look like OpenSSL does compression by default, at least not with my setup (PostgreSQL 8.0.1, FreeBSD 4.11-STABLE, OpenSSL 0.9.7d from the FreeBSD source tree). Here's what I did: CREATE TABLE foo (t text); INSERT INTO foo VALUES (repeat('x', 1000)); SELECT * FROM foo; I'm assuming that the 1000 x's could be compressed to a much shorter sequence. Here are tcpdumps of the SELECT over various connection types: Non-SSL PostgreSQL connection: 127.0.0.1.2521 > 127.0.0.1.5480: P 76:100(24) ack 262 win 57344 127.0.0.1.5480 > 127.0.0.1.2521: P 262:1318(1056) ack 100 win 57344 SSL PostgreSQL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) 127.0.0.1.1459 > 127.0.0.1.5480: P 1372:1462(90) ack 2540 win 57344 127.0.0.1.5480 > 127.0.0.1.1459: P 2540:3670(1130) ack 1462 win 57344 Non-SSL PostgreSQL connection over uncompressed SSH tunnel: 127.0.0.1.3165 > 127.0.0.1.22: P 4480:4544(64) ack 5728 win 57344 127.0.0.1.22 > 127.0.0.1.3165: P 5728:6824(1096) ack 4544 win 57344 Non-SSL PostgreSQL connection over compressed SSH tunnel (compression level 6): 127.0.0.1.3767 > 127.0.0.1.22: P 3632:3688(56) ack 5104 win 57344 127.0.0.1.22 > 127.0.0.1.3767: P 5104:5192(88) ack 3688 win 57344 Only the last case, a PostgreSQL connection over a compressed SSH tunnel, showed any compression in the response. It looks like OpenSSL supports compression but the application has to enable it: http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html -- Michael Fuhr http://www.fuhr.org/~mfuhr/ ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match