On Sat, Jul 11, 2015 at 9:28 PM, Andres Freund <andres@anarazel.de> wrote:
On 2015-07-11 21:09:05 +0900, Michael Paquier wrote: > Something like the patches attached
Thanks for that! > could be considered, one is for master > and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one for > ~REL9_4_STABLE to change the default to 0.
> diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml > index c669f75..16c0ce5 100644 > --- a/doc/src/sgml/config.sgml > +++ b/doc/src/sgml/config.sgml > @@ -1040,7 +1040,7 @@ include_dir 'conf.d' > cryptanalysis when large amounts of traffic can be examined, but it > also carries a large performance penalty. The sum of sent and received > traffic is used to check the limit. If this parameter is set to 0, > - renegotiation is disabled. The default is <literal>512MB</>. > + renegotiation is disabled. The default is <literal>0</>.
I think we should put in a warning or at least note about the dangers of enabling it (connection breaks, exposure to several open openssl bugs).
This sounds like a good idea to me. Here is an idea: + <warning> + <para> + Enabling <varname>ssl_renegotiation_limit</> can cause various + problems endangering the stability of a <productname>PostgreSQL</> + instance like connection breaking suddendly and exposes the + server to bugs related to the internal implementation of renegotiation + done in the SSL libraries used. + </para> + </warning>