3.
libpqはデフォルトでSSL圧縮が有効だが、比較的新しい
opensslはデフォルトでSSL圧縮が無効となっている
It is also not recommended to use compression if data transfered contain
untrusted parts that can be manipulated by an attacker as he could then
get information about the encrypted data.
See the CRIME attack.
For that reason the default loading of the zlib compression method is
disabled and enabled only if the environment variable
B<OPENSSL_DEFAULT_ZLIB> is present during the library initialization.
http://vault.centos.org/6.5/os/Source/SPackages/openssl-1.0.1e-15.el6.src.rpmの
openssl-1.0.1e-env-zlib.patchより引用
$ cat .bash_profile
[ -f /etc/profile ] && source /etc/profile
export PGDATA=/var/lib/pgsql/9.3/data
export PATH=/usr/pgsql-9.3/bin:$PATH
export OPENSSL_DEFAULT_ZLIB=1
クライアント、サーバの両方で環境変数に
OPENSSL_DEFAULT_ZLIBを設定しないと
SSL圧縮が有効にならない
3