On 06/07/2016 12:18 PM, Magnus Hagander wrote: > Intersting. Can you check with a network trace that it actually turns > off ssl, so nothing is broken there? > > One thing that could be taking the time is an extra roundtrip -- e.g. it > tries to connect with ssl fails and retries without. A network trace > should also make this obvious, and can hopefully show you exactly where > in the connection the time is spent.
I think this is to be expected given that the backend code initializes the TLS connection before it looks at anything in pg_hba.conf. The TLS connection setup is done when calling BackendInitialize() which happens very early in the life of a backend.
I am not familiar enough with this part of the code to know if there is a reasonable way to fix this.
Andreas -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers