From e3bdb2d92600ed45bd46aaf48309a436a9628218 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Sat, 17 Mar 2018 08:56:50 -0400
Subject: Set libpq sslcompression to off by default
Since SSL compression is no longer recommended, turn the default in libpq from on to off. OpenSSL 1.1.0 and many distribution packages already turn compression off by default, so such a server won't accept compression anyway. So this will mainly affect users of older OpenSSL installations. Also update the documentation to make clear that this setting is no longer recommended.
Discussion: https://www.postgresql.org/message-id/flat/595cf3b1-4ffe-7f05-6f72-f72b7afa7993%402ndquadrant.com
---
 src/interfaces/libpq/fe-secure-openssl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/interfaces/libpq/fe-secure-openssl.c')
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 127122563c2..1a35b30dbcd 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1188,14 +1188,14 @@ initialize_SSL(PGconn *conn)
 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb);
 /*
- * If the OpenSSL version used supports it (from 1.0.0 on) and the user
- * requested it, disable SSL compression.
+ * Set compression option if the OpenSSL version used supports it (from
+ * 1.0.0 on).
 */
 #ifdef SSL_OP_NO_COMPRESSION
 if (conn->sslcompression && conn->sslcompression[0] == '0')
- {
 SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
- }
+ else
+ SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
 #endif
 return 0;
--
cgit v1.2.3
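Review bot: The new `else` branch inside `#ifdef SSL_OP_NO_COMPRESSION` fails open: whenever `conn->sslcompression` is NULL or holds anything that does not start with `'0'`, the code now actively clears `SSL_OP_NO_COMPRESSION` on the connection, which can re-enable TLS compression even where the OpenSSL build or system configuration had it off. Since the stated goal is compression off by default, it would be safer to invert the test so that only an explicit request turns it on: `if (conn->sslcompression && conn->sslcompression[0] == '1') SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION); else SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);`. The changed default string for the option is set outside this file-limited view, so whether a NULL or empty value can actually reach this point is not visible here. The comment could also state which setting selects which branch, e.g. `sslcompression=0 disables compression; any other value re-enables it`. initialize_SSL begins before the hunk.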