@@ -1438,19 +1438,28 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
1438
1438
<term><literal>sslcompression</literal></term>
1439
1439
<listitem>
1440
1440
<para>
1441
- If set to 1 (default), data sent over SSL connections will be
1442
- compressed.
1443
- If set to 0, compression will be disabled (this requires
1444
- <productname>OpenSSL</productname> 1.0.0 or later).
1445
- This parameter is ignored if a connection without SSL is made,
1446
- or if the version of <productname>OpenSSL</productname> used does not support
1447
- it.
1441
+ If set to 1, data sent over SSL connections will be compressed. If
1442
+ set to 0, compression will be disabled. The default is 0. This
1443
+ parameter is ignored if a connection without SSL is made.
1448
1444
</para>
1445
+
1446
+ <para>
1447
+ SSL compression is nowadays considered insecure and its use is no
1448
+ longer recommended. <productname>OpenSSL</productname> 1.1.0 disables
1449
+ compression by default, and many operating system distributions
1450
+ disable it in prior versions as well, so setting this parameter to on
1451
+ will not have any effect if the server does not accept compression.
1452
+ On the other hand, <productname>OpenSSL</productname> before 1.0.0
1453
+ does not support disabling compression, so this parameter is ignored
1454
+ with those versions, and whether compression is used depends on the
1455
+ server.
1456
+ </para>
1457
+
1449
1458
<para>
1450
- Compression uses CPU time, but can improve throughput if
1451
- the network is the bottleneck.
1452
- Disabling compression can improve response time and throughput
1453
- if CPU performance is the limiting factor.
1459
+ If security is not a primary concern, compression can improve
1460
+ throughput if the network is the bottleneck. Disabling compression
1461
+ can improve response time and throughput if CPU performance is the
1462
+ limiting factor.
1454
1463
</para>
1455
1464
</listitem>
1456
1465
</varlistentry>
0 commit comments