Home > mailing lists

Re: Problem with streaming replication over SSL - Mailing list pgsql-general

From	Albe Laurenz
Subject	Re: Problem with streaming replication over SSL
Date	November 6, 2012 14:48:22
Msg-id	D960CB61B694CF459DCFB4B0128514C208A4E9D1@exadv11.host.magwien.gv.at Whole thread Raw
In response to	Re: Problem with streaming replication over SSL (Magnus Hagander <magnus@hagander.net>)
Responses	Re: Problem with streaming replication over SSL (Magnus Hagander <magnus@hagander.net>)
List	pgsql-general

Tree view

Magnus Hagander wrote:
>> I have streaming replication configured over SSL, and
>> there seems to be a problem with SSL renegotiation.
[...]
>> After that, streaming replication reconnects and resumes working.
>>
>> Is this an oversight in the replication protocol, or is this
>> working as designed?

> This sounds a lot like the general issue with SSL renegotiation, just
that it tends to show itself
> more often on replication connections since they don't disconnect very
often...
>
> Have you tried disabling SSL renegotiation on the connection
(ssl_renegotation=0)? If that helps, then
> the SSL library on one of the ends  still has the problem with
renegotiation...

It can hardly be the CVE-2009-3555 renegotiation problem.

Both machines have OpenSSL 1.0.0, and RFC 5746 was implemented in
0.9.8m.

But I'll try to test if normal connections have the problem too.

Yours,
Laurenz Albe

pgsql-general by date:

From: Magnus Hagander
Date: 06 November 2012, 14:16:22
Subject: Re: Question about "ident_file" in postgres.conf

From: Magnus Hagander
Date: 06 November 2012, 15:08:45
Subject: Re: Problem with streaming replication over SSL

Re: Problem with streaming replication over SSL - Mailing list pgsql-general

Previous

Next