| From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Karl Denninger <karl(at)denninger(dot)net>, Postgres General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Compression on SSL links? |
| Date: | 2010-08-13 15:12:46 |
| Message-ID: | 4C6560EE.1070606@postnewspapers.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 13/08/2010 10:50 PM, Bruce Momjian wrote:
> I thought all SSL traffic was compressed, unless you turned that off.
> It is just SSH that is always compressed?
Frankly, I thought all SSL traffic was compressed too, but the reading
I've just been doing suggests otherwise. It looks like compression *is*
done as part of cyphering and hashing and is used during key exchange
etc, but the actual application data being transported isn't compressed.
At least, that's how it seems to me from the digging I've just been
doing, though I want to look into it more.
AFAIK SSH isn't always compressed. It's only compressed if you pass the
"-C" flag, set -o Compression=yes, or add Compression=yes to .ssh/config
or /etc/ssh/ssh_config .
I'll admit being surprised, as it's widely stated that crypto is much
stronger if the data to be protected is compressed first. I guess the
CPU costs are significant enough that it's not widely done for bulk
data, though, only for the critical parts like negotiating and
exchanging the session key.
--
Craig Ringer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Hunsberger | 2010-08-13 15:14:19 | Re: ORM integration? |
| Previous Message | Peter Hunsberger | 2010-08-13 15:11:22 | Re: ORM integration? |