From f9264d1524baa19e4a0528f033681ef16f61b137 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Tue, 9 Mar 2021 11:16:47 +0900 Subject: Remove support for SSL compression PostgreSQL disabled compression as of e3bdb2d and the documentation recommends against using it since. Additionally, SSL compression has been disabled in OpenSSL since version 1.1.0, and was disabled in many distributions long before that. The most recent TLS version, TLSv1.3, disallows compression at the protocol level. This commit removes the feature itself, removing support for the libpq parameter sslcompression (parameter still listed for compatibility reasons with existing connection strings, just ignored), and removes the equivalent field in pg_stat_ssl and de facto PgBackendSSLStatus. Note that, on top of removing the ability to activate compression by configuration, compression is actively disabled in both frontend and backend to avoid overrides from local configurations. A TAP test is added for deprecated SSL parameters to check after backwards compatibility. Bump catalog version. Author: Daniel Gustafsson Reviewed-by: Peter Eisentraut, Magnus Hagander, Michael Paquier Discussion: https://postgr.es/m/7E384D48-11C5-441B-9EC3-F7DB1F8518F6@yesql.se --- doc/src/sgml/libpq.sgml | 33 ++------------------------------- doc/src/sgml/monitoring.sgml | 10 ---------- 2 files changed, 2 insertions(+), 41 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 05532793142..6d2e86a1f59 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1635,24 +1635,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname sslcompression - If set to 1, data sent over SSL connections will be compressed. If - set to 0, compression will be disabled. The default is 0. This - parameter is ignored if a connection without SSL is made. - - - - SSL compression is nowadays considered insecure and its use is no - longer recommended. OpenSSL 1.1.0 disables - compression by default, and many operating system distributions - disable it in prior versions as well, so setting this parameter to on - will not have any effect if the server does not accept compression. - - - - If security is not a primary concern, compression can improve - throughput if the network is the bottleneck. Disabling compression - can improve response time and throughput if CPU performance is the - limiting factor. + Ignored (formerly, this specified whether to attempt SSL compression). @@ -2545,9 +2528,7 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name); compression - If SSL compression is in use, returns the name of the compression - algorithm, or "on" if compression is used but the algorithm is - not known. If compression is not in use, returns "off". + SSL compression is no longer supported, always returns "off". @@ -7182,16 +7163,6 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough) - - - - PGSSLCOMPRESSION - - PGSSLCOMPRESSION behaves the same as the connection parameter. - - - diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml index 3513e127b78..53692c0020b 100644 --- a/doc/src/sgml/monitoring.sgml +++ b/doc/src/sgml/monitoring.sgml @@ -3065,16 +3065,6 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i - - - compression boolean - - - True if SSL compression is in use, false if not, - or NULL if SSL is not in use on this connection - - - client_dn text -- cgit v1.2.3