Re: Recent vendor SSL renegotiation patches break PostgreSQL - Mailing list pgsql-hackers

From Chris Campbell
Subject Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date
Msg-id 29CD7C5E-24DB-459C-875B-3E05108E4892@mac.com
In response to Re: Recent vendor SSL renegotiation patches break PostgreSQL  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: Recent vendor SSL renegotiation patches break PostgreSQL
List pgsql-hackers
Is there a way to detect when the SSL library has renegotiation disabled? (Either at compile-time or runtime, although
runtime would definitely be better because we’ll change our behavior if/when the user updates their SSL library.)

If so, we could skip renegotiation when it’s disabled in the library, but otherwise perform renegotiation like we
normally do (every 512 MB, I think it is).

Also, the official OpenSSL patch provides a way for the application to re-enable renegotiation. I don’t think all
implementations will do so, though (e.g., some vendors might have patched it differently).

- Chris


