Postgres Pro
Downloads
Home   >   mailing lists

Re: pgpool ssl handshake failure - Mailing list pgsql-general

From Adrian Klaver
Subject Re: pgpool ssl handshake failure
Date
Msg-id 561FD644.6040201@aklaver.com
Whole thread Raw
In response to Re: pgpool ssl handshake failure  (AI Rumman <rummandba@gmail.com>)
List pgsql-general
Tree view 
On 10/15/2015 09:36 AM, AI Rumman wrote:
> I configured Postgresql 9.4 and still getting the same error.

Configured what?

Or more to the point what is ssl_renegotiation_limit set to?

>
> Thanks.
>
> On Thu, Oct 15, 2015 at 7:16 AM, Adrian Klaver
> <adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com>> wrote:
>
>     On 10/15/2015 06:59 AM, AI Rumman wrote:
>
>         Hi,
>
>         I am using pgpool-II version 3.4.3 (tataraboshi).
>         Where my database is Postgresql 8.4.
>
>
>     Probably already know, but 8.4 is approximately 1.25 years beyond EOL:
>
>     http://www.postgresql.org/support/versioning/
>
>
>         I am trying to configure ssl mode from client and between pgpool and
>         database it is non-ssl.
>
>
>     What is non-ssl, the database or pgpool?
>
>         I configured as document and now I am getting this in my log:
>
>              /2015-10-13 22:17:58: pid 1857: LOG:  new connection received
>              //2015-10-13 22:17:58: pid 1857: DETAIL:  connecting
>         host=10.0.0.5
>              port=65326
>              //2015-10-13 22:17:58: pid 1857: LOG:  pool_ssl:
>         "SSL_read": "ssl
>              handshake failure"
>              //2015-10-13 22:17:58: pid 1857: ERROR:  unable to read
>         data from
>              frontend
>              //2015-10-13 22:17:58: pid 1857: DETAIL:  socket read
>         failed with an
>              error "Success"/
>
>         Please let me know what wrong I am doing.
>
>
>     Not quite sure but given the below from the 9.5 Release Notes:
>
>     "
>     Remove server configuration parameter ssl_renegotiation_limit, which
>     was deprecated in earlier releases (Andres Freund)
>
>     While SSL renegotiation is a good idea in theory, it has caused
>     enough bugs to be considered a net negative in practice, and it is
>     due to be removed from future versions of the relevant standards. We
>     have therefore removed support for it from PostgreSQL."
>
>     I would check to see what  ssl_renegotiation_limit is set to:
>
>     http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html
>
>     and if it is not set to 0, then try that.
>
>
>
>         Thanks & Regards.
>
>
>
>     --
>     Adrian Klaver
>     adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com>
>
>


--
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

Previous
From: AI Rumman
Date:
Subject: Re: pgpool ssl handshake failure
Next
From: Emi
Date:
Subject: Simple way to load xml into table