Scott Marlowe <scott.marlowe@gmail.com> writes:
> I've had problems with ssl connections dying on me. For slony
> replication I had to make sure the connections were NOT ssl or they'd
> die and subscriptions would just keep repeating after getting 80%
> through and getting a connect error. This was with 8.4 on debian
> lenny.
That sounds like an artifact of the kluge solution some vendors used for
the SSL renegotiation security bug a couple years back: their patched
openssl libraries would simply kill the connection when a key
renegotiation was requested, which PG would do after transferring a
couple hundred megabytes.
We put in a workaround whereby you could prevent that by setting a GUC
variable to disable the renegotiation requests ... but if you're still
seeing such a problem today, you really need to complain to your distro
vendor. Nobody should still be shipping such lobotomized libraries.
regards, tom lane
