Sun, Mar 11, 2018 at 12:36 AM, Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote:
> On 3/9/18 09:06, Magnus Hagander wrote: > > What platform does that actually work out of the box on? I have > > customers who actively want to use it (for compression, not security -- > > replication across limited and metered links), and the amount of > > workarounds they have to put in place OS level to get it working is > > increasingly complicated. > > It was disabled in OpenSSL 1.1.0: > I am not talking about the OpenSSL disabling it. It was disabled on most *distributions* years ago, long before that commit. Which is why I'm still curious as to what platform you actually got it enabled by default on... Like the stuff here: https://www.postgresql.org/message-id/flat/CAKwe89Cj7KQ3BZDoUXLF5KBZ8X6icKXHi2Y1mDzTut3PNrH2VA%40mail.gmail.com *) CRIME protection: disable compression by default, even if OpenSSL is > compiled with zlib enabled. Applications can still enable compression > by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by > using the SSL_CONF library to configure compression. > [Emilia Käsper] > > So for your purposes, you could add a server option to turn it back on. Such a server option would also be useful for those users who are using > OpenSSL <1.1.0 and want to turn off compression on the server side. > > We'd probably have to put in the distribution specific workarounds like mentioned above to make it actually useful for that. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>