Direct TLS can speed up your connections
a year ago
- #Networking
- #PostgreSQL
- #TLS
- Aurora DSQL connections were slower without VPN, specifically in AWS offices.
- Debugging revealed an extra non-Postgres connection was being made for each cluster connection.
- The Cisco firewall was initiating a second TLS 1.2 handshake to inspect certificates, because TLS 1.3 encrypts them during the handshake.
- Postgres 17 introduced direct TLS support, allowing TLS handshake without prior SSLRequest.
- Direct TLS in Postgres 17+ clients requires `sslmode=require` and `sslnegotiation=direct`.
- Aurora DSQL enforces TLS, making direct TLS a recommended feature for faster connections.
- Example connection strings provided for `psql` and `pdsql` with direct TLS parameters.
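
To make the difference between the two negotiation styles concrete, the following added example (not code from the original post) classifies the first bytes a client sends on a PostgreSQL port, which is what a middlebox sees, and predicts that first flight from a libpq-style connection string. The function names, the sample bytes and the host `db.example.invalid` are constructed for illustration.

```python
import struct

SSL_REQUEST_CODE = 80877103   # (1234 << 16) | 5679, the SSLRequest magic number
PROTOCOL_3_0 = 196608         # 3 << 16, protocol version in a StartupMessage
STRONG_SSLMODES = {"require", "verify-ca", "verify-full"}

def ssl_request() -> bytes:
    """8-byte SSLRequest sent in cleartext before traditional negotiation."""
    return struct.pack("!II", 8, SSL_REQUEST_CODE)

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client bytes observed on a PostgreSQL port."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "direct-tls"            # TLS handshake record, ClientHello first
    if len(data) >= 8:
        length, code = struct.unpack("!II", data[:8])
        if length == 8 and code == SSL_REQUEST_CODE:
            return "sslrequest"        # server answers 'S' or 'N', then TLS
        if code == PROTOCOL_3_0:
            return "plaintext-startup"
    return "unknown"

def first_flight(conninfo: str) -> str:
    """Predict what a libpq client sends first for a key=value conninfo.

    Simplified: no quoted values, no URI form, gssencmode ignored.
    """
    params = dict(item.split("=", 1) for item in conninfo.split())
    mode = params.get("sslmode", "prefer")                  # libpq default
    negotiation = params.get("sslnegotiation", "postgres")  # libpq default
    if negotiation == "direct":
        if mode not in STRONG_SSLMODES:
            raise ValueError(f"sslnegotiation=direct needs sslmode=require or stronger, got {mode!r}")
        return "direct-tls"
    return "plaintext-startup" if mode in ("disable", "allow") else "sslrequest"

# Constructed samples (not captured traffic).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")
SAMPLE_STARTUP = struct.pack("!II", 23, PROTOCOL_3_0) + b"user\x00postgres\x00\x00"

if __name__ == "__main__":
    for name, blob in [("SSLRequest", ssl_request()),
                       ("ClientHello", SAMPLE_CLIENT_HELLO),
                       ("Startup", SAMPLE_STARTUP)]:
        print(name, "->", classify_first_bytes(blob))
    print(first_flight("host=db.example.invalid sslmode=require sslnegotiation=direct"))
```

With `sslnegotiation=direct` the first bytes on the wire are already a TLS record, so the cleartext SSLRequest exchange and its round trip disappear.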