Allow ssl_renegotiation_limit in PG 9.5 - Mailing list pgsql-hackers

From Shay Rojansky
Subject Allow ssl_renegotiation_limit in PG 9.5
Msg-id CADT4RqBEr2kA0EdAtELWyFqyrNrsuqANGbBVo3L=o7B2i23_Bw@mail.gmail.com
Responses Re: Allow ssl_renegotiation_limit in PG 9.5  (Andres Freund <andres@anarazel.de>)
List pgsql-hackers
Hi hackers.

I noticed ssl_renegotiation_limit has been removed in PostgreSQL 9.5, good riddance...

However, there's a new situation where some versions of PG allow this parameter while others bomb when seeing it. Specifically, Npgsql sends ssl_renegotiation_limit=0 in the startup packet to completely disable renegotiation. At this early stage it doesn't know yet whether the database it's connecting to is PG 9.5 or earlier.

Is there any chance you'd consider allowing ssl_renegotiation_limit in PG 9.5, without it having any effect (I think that's the current behavior for recent 9.4, 9.3, right)? It may be a good idea to only allow this parameter to be set to zero, raising an error otherwise.

The alternative would be to force users to specify in advance whether the database they're connecting to supports this parameter, or to send it after the startup packet which complicates things etc.

Thanks,

Shay
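
The alternative mentioned in the message, sending the setting only after the startup packet, sketched as an added example (not code from the post or from Npgsql). The function names are hypothetical, the ParameterStatus messages in the test are constructed samples, and using a plain `SET` as the post-startup command is an assumption.

```python
import re
import struct

PROTOCOL_V3 = 196608  # protocol 3.0: (3 << 16) | 0

def build_startup(params):
    """Serialize a v3 StartupMessage: int32 length, int32 version,
    name\\0value\\0 pairs, then a terminating \\0."""
    body = struct.pack("!I", PROTOCOL_V3)
    for name, value in params.items():
        body += name.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"
    return struct.pack("!I", len(body) + 4) + body  # length counts itself

def parse_parameter_status(msg):
    """Parse one ParameterStatus message: 'S', int32 length, name\\0, value\\0."""
    if msg[:1] != b"S" or len(msg) < 5:
        raise ValueError("not a ParameterStatus message")
    (length,) = struct.unpack("!I", msg[1:5])
    if length != len(msg) - 1:  # length excludes the type byte
        raise ValueError("length field does not match message size")
    name, value, rest = msg[5:].split(b"\x00", 2)
    if rest:
        raise ValueError("trailing bytes after value")
    return name.decode(), value.decode()

def has_renegotiation_setting(server_version):
    """True for servers older than 9.5, which still know the parameter."""
    m = re.match(r"(\d+)(?:\.(\d+))?", server_version)
    if not m:
        raise ValueError("unrecognised server_version: %r" % server_version)
    return (int(m.group(1)), int(m.group(2) or 0)) < (9, 5)

def post_startup_commands(parameter_status_msgs):
    """Decide what to send once the server has reported its version.
    Assumption: the setting is applied with an ordinary SET statement."""
    for msg in parameter_status_msgs:
        name, value = parse_parameter_status(msg)
        if name == "server_version" and has_renegotiation_setting(value):
            return ["SET ssl_renegotiation_limit = 0"]
    return []  # 9.5 or later, or version not reported: send nothing

if __name__ == "__main__":
    # Startup packet carries only parameters every server version accepts.
    print(build_startup({"user": "app", "database": "appdb"}).hex())
```

The cost is the one the message points out: the setting can only be applied one round trip after authentication instead of riding along in the startup packet.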
