Hi
On 06/01/15 22:51, Marco Di Cesare wrote:
> I am connecting to a Postgres instance using SSL and seeing fairly slow
> connect times. I would expect there would be some overhead but it's more
> than I anticipated. The connection is happening over a network. I am
> using a wildcard SSL certificate on the server side only.
> Using one of these JDBC SSL connect strings takes on average: 1060 ms to
> connect to the database:
>
jdbc:postgresql://db01-dev.pointclickcare.com:5432/testdb?ssl=true&sslmode=require&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory
> - or -
>
jdbc:postgresql://db01-dev.pointclickcare.com:5432/testdb?ssl=true&sslmode=require&sslfactory=org.postgresql.ssl.NonValidatingFactory
> Using this JDBC non-SSL connect string takes on average: 190 ms to
> connect to the database:
> jdbc:postgresql://db01-dev.pointclickcare.com:5432/testdb
> Does this sound like a reasonable overhead that SSL would add to the
> connection time or does this seem high? (~870ms/~443% slower using SSL)
What is the network latency (ping) between the two hosts? SSL requires a
handshake, exchanging a number messages between the two hosts, and if
each roundtrip takes a significant amount of time ...
The 190ms seems quite high. On my rather slow workstation, a local
connection without SSL takes ~30ms , with SSL ~70ms. So I wouldn't be
surprised by ~100ms roundtrips in your case, and that is going to slow
down the SSL handshake significantly.
There's very little you can do with the roundtrip time, usually, but you
can keep the connections open in a pool. That'll amortize the costs.
regards
--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services