Re: pgpool ssl handshake failure - Mailing list pgsql-general

On 10/15/2015 06:59 AM, AI Rumman wrote:

Hi,

I am using pgpool-II version 3.4.3 (tataraboshi).
Where my database is Postgresql 8.4.

Probably already know, but 8.4 is approximately 1.25 years beyond EOL:

http://www.postgresql.org/support/versioning/

I am trying to configure ssl mode from client and between pgpool and
database it is non-ssl.

What is non-ssl, the database or pgpool?

I configured as document and now I am getting this in my log:

    /2015-10-13 22:17:58: pid 1857: LOG:  new connection received
    //2015-10-13 22:17:58: pid 1857: DETAIL:  connecting host=10.0.0.5
    port=65326
    //2015-10-13 22:17:58: pid 1857: LOG:  pool_ssl: "SSL_read": "ssl
    handshake failure"
    //2015-10-13 22:17:58: pid 1857: ERROR:  unable to read data from
    frontend
    //2015-10-13 22:17:58: pid 1857: DETAIL:  socket read failed with an
    error "Success"/

Please let me know what wrong I am doing.

Not quite sure but given the below from the 9.5 Release Notes:

"
Remove server configuration parameter ssl_renegotiation_limit, which was deprecated in earlier releases (Andres Freund)

While SSL renegotiation is a good idea in theory, it has caused enough bugs to be considered a net negative in practice, and it is due to be removed from future versions of the relevant standards. We have therefore removed support for it from PostgreSQL."

I would check to see what  ssl_renegotiation_limit is set to:

http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html

and if it is not set to 0, then try that.

Thanks & Regards.

--
Adrian Klaver
adrian.klaver@aklaver.com