Hi Tom,
Thanks for that, sounds very likely to be the problem. Forgot to mention
that this is running 8.4.6 on Mac OSX (Enterprise DB build) so a pretty
new build. No idea what they are using for SSL libraries though.
Cheers,
Bas
On 1/03/11 3:58 PM, Tom Lane wrote:
>
> Was this dying after several hundred megabytes pushed across the SSL
> connection? If so, it probably is a known issue: many vendors
> lobotomized their SSL libraries' handling of renegotiation as a stopgap
> solution for the security issue CVE-2009-3555, and not everybody has
> adopted a real fix yet. If you are running a reasonably recent version
> of PG (one released since 2010-02-25) you can work around this by
> setting ssl_renegotiation_limit = 0 in postgresql.conf; but a better fix
> would be to update to a non-lobotomized SSL library if possible. Note
> that either the client- or server-side SSL library could be at fault.
>
> regards, tom lane
