Re: Recent vendor SSL renegotiation patches break PostgreSQL - Mailing list pgsql-hackers

From Stefan Kaltenbrunner
Subject Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date
Msg-id 4B69934D.7060307@kaltenbrunner.cc
In response to Re: Recent vendor SSL renegotiation patches break PostgreSQL  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: Recent vendor SSL renegotiation patches break PostgreSQL  (Chris Campbell <chris_campbell@mac.com>)
List pgsql-hackers
Robert Haas wrote:
> On Wed, Feb 3, 2010 at 6:24 AM, Chris Campbell <chris_campbell@mac.com> wrote:
>> The flurry of patches that vendors have recently been making to OpenSSL to address
>> the potential man-in-the-middle attack during SSL renegotiation have disabled SSL
>> renegotiation altogether in the OpenSSL libraries. Applications that make use of SSL
>> renegotiation, such as PostgreSQL, start failing.
> 
> Should we think about adding a GUC to disable renegotiation until this
> blows over?

Hmm, I wonder if we should not go as far as removing the whole
renegotiation code; from the field it seems that there are very, very few
daemons actually doing that kind of forced renegotiation.


Stefan

