Home > mailing lists

Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
Date	June 24, 2015 19:34:49
Msg-id	CABUevEyUaiyDy96T9UjxtXe3cqfqsmK24qKBC8JJiFDT8qU8Rg@mail.gmail.com Whole thread Raw
In response to	Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

<p dir="ltr"><br /> On Jun 24, 2015 5:13 PM, "Tom Lane" <<a
href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>>wrote:<br /> ><br /> > Andres Freund <<a
href="mailto:andres@anarazel.de">andres@anarazel.de</a>>writes:<br /> > > I, by now, have come to a different
conclusion.I think it's time to<br /> > > entirely drop the renegotiation support.<br /> ><br /> > Well,
that'sa radical proposal, but I think we should take it seriously.<br /> ><br /><p dir="ltr">Yes. <p dir="ltr">Just
onmy phone right now, but wasn't renegotiation also an attack vector in one of the recent openssl bugs? <p
dir="ltr">/Magnus<br />

pgsql-hackers by date:

From: Tom Lane
Date: 24 June 2015, 19:27:05
Subject: Re: Should we back-patch SSL renegotiation fixes?

From: Robert Haas
Date: 24 June 2015, 19:52:22
Subject: Re: Multixid hindsight design

Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) - Mailing list pgsql-hackers

Previous

Next