Home > mailing lists

Re: Should we back-patch SSL renegotiation fixes? - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: Should we back-patch SSL renegotiation fixes?
Date	June 24, 2015 22:50:00
Msg-id	20150624194951.GC14672@awork2.anarazel.de Whole thread Raw
In response to	Re: Should we back-patch SSL renegotiation fixes? (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: Should we back-patch SSL renegotiation fixes? (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

On 2015-06-24 15:41:22 -0400, Peter Eisentraut wrote:
> On 6/24/15 3:13 PM, Andres Freund wrote:
> > Meh. The relevant branches already exist, as you can disable it today.
> > 
> > We could also just change the default in the back branches.
> 
> One more argument for leaving everything alone.  If users don't like it,
> they can turn it off themselves.

Because it's so obvious to get there from "SSL error: unexpected
message", "SSL error: bad write retry" or "SSL error: unexpected record"
to disabling renegotiation. Right?  Search the archives and you'll find
plenty of those, mostly in relation to streaming rep. It took -hackers
years to figure out what causes those, how are normal users supposed to
a) correlate such errors with renegotiation b) evaluate what do about
it?

pgsql-hackers by date:

From: Peter Eisentraut
Date: 24 June 2015, 22:41:32
Subject: Re: Should we back-patch SSL renegotiation fixes?

From: Peter Eisentraut
Date: 24 June 2015, 22:55:38
Subject: Re: git push hook to check for outdated timestamps

Re: Should we back-patch SSL renegotiation fixes? - Mailing list pgsql-hackers

Previous

Next