On Fri, Jan 16, 2015 at 8:41 AM, Adrian Klaver <adrian.kla...@aklaver.com> wrote:
> On 01/16/2015 08:30 AM, Tom Lane wrote: > >> Maciek Sakrejda <mac...@heroku.com> writes: >> >>> I'm having a hard time getting SSL compression working (or even figuring >>> out why it's not working) with my local Postgres server. The setting [1] >>> is >>> documented to default to on, but according to the banner when I connect >>> with psql, it's off. >>> >> >> Possibly you have the same type of problem mentioned here: >> >> http://www.postgresql.org/message-id/CABUevEytxEQtbMeuKpJ8tYjeeB37m >> zdq7baszezn6egcgrd...@mail.gmail.com >> > > Yes that would seem to be the issue: > > https://launchpad.net/ubuntu/trusty/+source/openssl/+changelog > > openssl (1.0.1e-3ubuntu1) > > Disable compression to avoid CRIME systemwide (CVE-2012-4929). > > > >> although Ubuntu may well have done it a bit differently than Red Hat, >> ie the way to override openssl's default behavior might be different. >> >> regards, tom lane >> >> >> There's been a few reports on this now. Perhaps we should add a note to the docs (not necessarily saying how to fix it, as it may differ, but a note saying that many distributions changed the way this is handled and that you might need to set an external override)? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
