On Jun14, 2012, at 15:28 , Euler Taveira wrote: > On 14-06-2012 02:19, Tom Lane wrote: >> I still think that pushing this off to openssl (not an ssh tunnel, but >> the underlying transport library) would be an adequate solution. >> If you are shoving data over a connection that is long enough to need >> compression, the odds that every bit of it is trustworthy seem pretty >> small, so you need encryption too. >> > I don't want to pay the SSL connection overhead. Also I just want compression, > encryption is not required. OpenSSL give us encryption with/without > compression; we need an option to obtain compression in non-SSL connections.
AFAIR, openssl supports a NULL cipher which doesn't do any encryption. We could have a connection parameter, say compress=on, which selects that cipher (unless sslmode is set to prefer or higher, of course). SSL NULL-chipher connections would be treated like unencrypted connections when matching against pg_hba.conf. best regards, Florian Pflug -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
