Set libpq sslcompression to off by default

Since SSL compression is no longer recommended, turn the default in libpq from on to off. OpenSSL 1.1.0 and many distribution packages already turn compression off by default, so such a server won't accept compression anyway. So this will mainly affect users of older OpenSSL installations. Also update the documentation to make clear that this setting is no longer recommended. Discussion: https://www.postgresql.org/message-id/flat/595cf3b1-4ffe-7f05-6f72-f72b7afa7993%402ndquadrant.com
2025-06-25 01:02:05 +03:00 · 2018-03-17 08:56:50 -04:00
parent 8a3d942529
commit e3bdb2d926
3 changed files with 25 additions and 16 deletions
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@ -1188,14 +1188,14 @@ initialize_SSL(PGconn *conn)
 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb);

 	/*
-	 * If the OpenSSL version used supports it (from 1.0.0 on) and the user
-	 * requested it, disable SSL compression.
+	 * Set compression option if the OpenSSL version used supports it (from
+	 * 1.0.0 on).
 	 */
 #ifdef SSL_OP_NO_COMPRESSION
 	if (conn->sslcompression && conn->sslcompression[0] == '0')
-	{
 		SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
-	}
+	else
+		SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
 #endif

 	return 0;