Home > mailing lists

Re: Allow ssl_renegotiation_limit in PG 9.5 - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Allow ssl_renegotiation_limit in PG 9.5
Date	October 14, 2015 20:04:40
Msg-id	31025.1444842270@sss.pgh.pa.us Whole thread Raw
In response to	Re: Allow ssl_renegotiation_limit in PG 9.5 (Andres Freund <andres@anarazel.de>)
Responses	Re: Allow ssl_renegotiation_limit in PG 9.5 (Andres Freund <andres@anarazel.de>)
List	pgsql-hackers

Tree view

Andres Freund <andres@anarazel.de> writes:
> On 2015-10-14 18:53:14 +0300, Shay Rojansky wrote:
>> However, the new situation where some versions of PG allow this parameter
>> while others bomb when seeing it. Specifically, Npgsql sends
>> ssl_renegotiation_limit=0 in the startup packet to completely disable
>> renegotiation. At this early stage it doesn't know yet whether the database
>> it's connecting to is PG 9.5 or earlier.

> I find it a rather debatable practice to send such a parameter
> unconditionally. Why are you sending it before the connection has even
> been established?

It doesn't seem to me that a connector such as npgsql has any business
whatsoever fooling with such a parameter, unconditionally or otherwise.
        regards, tom lane

pgsql-hackers by date:

From: Jim Nasby
Date: 14 October 2015, 20:04:28
Subject: Re: Can extension build own SGML document?

From: Andres Freund
Date: 14 October 2015, 20:06:44
Subject: Re: Allow ssl_renegotiation_limit in PG 9.5

Re: Allow ssl_renegotiation_limit in PG 9.5 - Mailing list pgsql-hackers

Previous

Next