Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
Date
Msg-id 1392.1435158676@sss.pgh.pa.us
In response to Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)  (Andres Freund <andres@anarazel.de>)
Responses Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)  (Andres Freund <andres@anarazel.de>)
Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)  (Magnus Hagander <magnus@hagander.net>)
Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Andres Freund <andres@anarazel.de> writes:
> I, by now, have come to a different conclusion. I think it's time to
> entirely drop the renegotiation support.

Well, that's a radical proposal, but I think we should take it seriously.

On balance I think I agree that SSL renegotiation has not been worth the
trouble.  And we definitely aren't testing it adequately, so if we wanted
to keep it then there's even *more* work that somebody ought to expend.

I assume we'd back-patch it, too?  (Probably not remove the
ssl_renegotiation_limit variable, but always act as though it were zero.)
If we still have to maintain the code in the back branches then we'd
continue to have to deal with its bugs for some time.
        regards, tom lane


