Re: Should we back-patch SSL renegotiation fixes? - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Should we back-patch SSL renegotiation fixes?
Date
Msg-id CA+TgmoZ+BrQm=3XsVsyp5XPfORJdmfbz8we-_MkJLg+XXiJ=NA@mail.gmail.com
In response to Re: Should we back-patch SSL renegotiation fixes?  (Andres Freund <andres@anarazel.de>)
Responses Re: Should we back-patch SSL renegotiation fixes?  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Should we back-patch SSL renegotiation fixes?  (Andres Freund <andres@anarazel.de>)
List pgsql-hackers
On Fri, Jun 26, 2015 at 9:59 AM, Andres Freund <andres@anarazel.de> wrote:
> Generally I'd agree that that is a bad thing. But there's really not
> much of an observable behaviour change in this case? Except that
> connections using ssl break less often.

Well, SSL renegotiation exists for a reason: to improve security.
It's not awesome that we're being forced to shut off features that are
designed to improve security.  But it seems we have little choice, at
least until we can support some other SSL implementation (and maybe
not even then).

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


