Magnus Hagander wrote: > > I don't understand why you want to change the default. Is it for > > performance? Has it been measured? > > > > > Yes. I've run into it multiple times, but I haven't specifically measured > it. But I've had more than one situation where turning it off has > completely removed a performance problem.
Here's a test case retrieving 133000 rows representing 100Mbytes of text, that shows a 4x slowdown with ssl. ssl_renegotiation_limit is set to 0 and the cache is warmed up by repeated executions. Without SSL: $ time psql -At "postgresql://localhost/mlists?sslmode=disable"\ -c "select subject from mail" -o /dev/null real 0m1.359s user 0m0.544s sys 0m0.084s With SSL: $ time psql -At "postgresql://localhost/mlists?sslmode=require"\ -c "select subject from mail" -o /dev/null real 0m5.395s user 0m1.080s sys 0m0.116s The CPU is Intel(R) Xeon(R) CPU E31230 @ 3.20GHz, OS is Debian7 with kernel 3.2.0-4. Personally I think that TLS for local networking is wrong as a default, and it's unfortunate that distros like Debian/Ubuntu end up using that. Best regards, -- Daniel Vérité PostgreSQL-powered mailer: http://www.manitou-mail.org Twitter: @DanielVerite -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
