Re: [BUGS] BUG #14893: libpq SSL ClientHello too long, no option to set ciphers or affect cipher list length - Mailing list pgsql-bugs

From Tom Lane
Subject Re: [BUGS] BUG #14893: libpq SSL ClientHello too long, no option to set ciphers or affect cipher list length
Date
Msg-id 25136.1510245556@sss.pgh.pa.us
In response to [BUGS] BUG #14893: libpq SSL ClientHello too long, no option to set ciphers or affect cipher list length  (minfrin@sharp.fm)
List pgsql-bugs
minfrin@sharp.fm writes:
> I am having trouble on an Ubuntu Xenial machine where the out-the-box psql
> refuses to connect to the out-the-box postgresql over SSL. The same setup
> worked on Ubuntu Trusty.

> Debugging reveals that the cipher list sent by the libpq client is too long
> (greater than 255 bytes), and this causes the postgresql server to slam down
> the phone, or it derails the client side enough that a bogus message "tlsv1
> alert unknown ca" is returned by the client.

This seems like an OpenSSL bug, not a Postgres bug.  libpq doesn't do
anything that determines cipher lists.
        regards, tom lane
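
To check the size observation in the quoted report against a captured handshake, the following added example (not part of the original thread) parses a TLS ClientHello record and reports the byte length of its cipher_suites list. The function names and the sample record are constructed for illustration; the suite values are placeholders, not what any real client offers.

```python
import struct

def build_client_hello(suites, version=0x0303):
    """Build a minimal ClientHello record (constructed sample, no extensions)."""
    body = struct.pack("!H", version) + bytes(32)       # client_version + random
    body += b"\x00"                                      # empty session_id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs              # cipher_suites vector
    body += b"\x01\x00"                                  # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs

def client_hello_sizes(record):
    """Return record, handshake and cipher-suite sizes of a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    end = 5 + rec_len
    if len(record) < end:
        raise ValueError("truncated record")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    if hs_len < 35 or 4 + hs_len > rec_len:
        raise ValueError("short or fragmented ClientHello")
    pos = 9 + 2 + 32                    # skip client_version and random
    pos += 1 + record[pos]              # skip session_id
    if pos + 2 > end:
        raise ValueError("session_id overruns record")
    cs_len = struct.unpack("!H", record[pos:pos + 2])[0]
    if cs_len % 2 or pos + 2 + cs_len > end:
        raise ValueError("bad cipher_suites length")
    return {"record_bytes": rec_len, "handshake_bytes": hs_len,
            "cipher_suites_bytes": cs_len, "cipher_suite_count": cs_len // 2}

# Constructed sample: 130 placeholder suite values, i.e. a 260-byte list.
SAMPLE = build_client_hello([0xC000 + i for i in range(130)])

if __name__ == "__main__":
    sizes = client_hello_sizes(SAMPLE)
    for key, value in sizes.items():
        print(f"{key}: {value}")
    print("cipher list over 255 bytes:", sizes["cipher_suites_bytes"] > 255)
```

Feed `client_hello_sizes` the first record bytes of the client's flight from a packet capture to see what a given libpq/OpenSSL combination actually sends.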

