I am connecting to a Postgres instance using SSL and seeing fairly slow connect times. I would expect there would be some overhead but it's more than I anticipated. The connection is happening over a network. I am using a wildcard SSL certificate on the server side only.
Using one of these JDBC SSL connect strings takes on average: 1060 ms to connect to the database: jdbc:postgresql://db01-dev.pointclickcare.com:5432/testdb?ssl=true&sslmode=require&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory - or - jdbc:postgresql://db01-dev.pointclickcare.com:5432/testdb?ssl=true&sslmode=require&sslfactory=org.postgresql.ssl.NonValidatingFactory Using this JDBC non-SSL connect string takes on average: 190 ms to connect to the database: jdbc:postgresql://db01-dev.pointclickcare.com:5432/testdb Does this sound like a reasonable overhead that SSL would add to the connection time or does this seem high? (~870ms/~443% slower using SSL) I am using this Postgres version: PostgreSQL 9.4.1 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-11), 64-bit The Postgres JDBC driver I am using is: postgresql-9.4-1201-jdbc41.jar My pg_hba.conf is below. Not sure DNS names so DNS lookups shouldn't be a problem although performing an nslookup on my client IP does return very quickly. I've also tried connecting Postgres both using a DNS and IP directly. # PostgreSQL Client Authentication Configuration File # =================================================== # TYPE DATABASE USER ADDRESS METHOD local all postgres trust local all all ident host all all 127.0.0.1/32 md5 host all all ::1/128 md5 hostssl testdb all 0.0.0.0/0 md5 hostssl testdb all ::1/128 md5 # "local" is for Unix domain socket connections only local all all peer log_hostname in postgresql.conf is off. I did a search on the forums and found some older posts. One suggested SSL compression is a culprit of slowdowns but I don't think that would apply to the connection time. Another says it could be the authentication that could be causing the slow down but changing md5 to either password or even trust made no difference to the connect time.