Thread: 9.0 SSL renegotiation failure restoring data

9.0 SSL renegotiation failure restoring data

From

Andrus Moor

Date:

02 October 2010, 20:30:58

Steps to reproduce:

1. Ran latest pgAdmin in windows server 2005 Standard x64 Edition
2. Restore data to Postgres 9.0 linux server from 450 MB backup file if only
SSL connection is enabled

After some time pg_restore reports that connection is closed.
server log is below.
How to restore 450 MB backup copy to Postgres 9.0 Linux server from windows
server using SSL ?

Andrus.

LOG: duration: 2643663.100 ms statement: COPY artpilt (id, toode, pilt,
pildityyp, esipil
t) FROM stdin;
LOG: SSL renegotiation failure
LOG: SSL failed to send renegotiation request
LOG: SSL renegotiation failure
LOG: SSL error: unsafe legacy renegotiation disabled
LOG: could not send data to client: Connection reset by peer
LOG: SSL error: unsafe legacy renegotiation disabled
LOG: could not receive data from client: Connection reset by peer
LOG: unexpected EOF on client connection

Re: 9.0 SSL renegotiation failure restoring data

From

Tom Lane

Date:

02 October 2010, 20:43:34

Andrus Moor <kobruleht2@hot.ee> writes:
> How to restore 450 MB backup copy to Postgres 9.0 Linux server from
> windows server using SSL ?

Either (1) get a non-lobotomized SSL library, or (2) set
ssl_renegotiation_limit to zero in the server.

            regards, tom lane

Re: 9.0 SSL renegotiation failure restoring data

From

Andrus Moor

Date:

02 October 2010, 21:01:10

> Either (1) get a non-lobotomized SSL library

I'm using latest official Postgres 9.0 server and pgAdmin client. Does one of them contain bug in SSL ?

Andrus.

Re: 9.0 SSL renegotiation failure restoring data

From

Bruce Momjian

Date:

20 October 2010, 21:22:06

Andrus Moor wrote:
> > Either (1) get a non-lobotomized SSL library
> I'm using latest official Postgres 9.0 server and pgAdmin client.
> Does one of them contain bug in SSL??

Uh, we don't ship SSL in the server.  We ship code that _uses_ ssl, so I
would look at your operating system to see what version of SSL you have,
and perhaps update that.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +

Re: 9.0 SSL renegotiation failure restoring data

From

"Andrus"

Date:

21 October 2010, 11:35:31

> Uh, we don't ship SSL in the server.
> We ship code that _uses_ ssl, so I
> would look at your operating system to see what version of SSL you have,
> and perhaps update that.

I installed postgres 9.0 RC in Windows from official link and looked into
bin:

 Directory of C:\Program Files\PostgreSQL\9.0\bin

15.11.2009  16:37           200_704 ssleay32.dll
15.11.2009  16:37         1_017_344 libeay32.dll

How to update them so that they match with linux server ?

Andrus.

Re: 9.0 SSL renegotiation failure restoring data

From

Bruce Momjian

Date:

21 October 2010, 13:40:54

Andrus wrote:
> > Uh, we don't ship SSL in the server.
> > We ship code that _uses_ ssl, so I
> > would look at your operating system to see what version of SSL you have,
> > and perhaps update that.
>
> I installed postgres 9.0 RC in Windows from official link and looked into
> bin:
>
>  Directory of C:\Program Files\PostgreSQL\9.0\bin
>
> 15.11.2009  16:37           200_704 ssleay32.dll
> 15.11.2009  16:37         1_017_344 libeay32.dll
>
> How to update them so that they match with linux server ?

Oh, interesting.  So we install SSL with our Win32 install, and I assume
that is a new/correct version of ssl.

Dave, this person says they are getting disconnected regularly and we
thought it was ssl renegotiation, but not I am unclear what is causing
the disconnection.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +

Re: 9.0 SSL renegotiation failure restoring data

From

Dave Page

Date:

21 October 2010, 14:05:38

On Thu, Oct 21, 2010 at 2:40 PM, Bruce Momjian <bruce@momjian.us> wrote:
> Andrus wrote:
>> > Uh, we don't ship SSL in the server.
>> > We ship code that _uses_ ssl, so I
>> > would look at your operating system to see what version of SSL you have,
>> > and perhaps update that.
>>
>> I installed postgres 9.0 RC in Windows from official link and looked into
>> bin:
>>
>>  Directory of C:\Program Files\PostgreSQL\9.0\bin
>>
>> 15.11.2009  16:37           200_704 ssleay32.dll
>> 15.11.2009  16:37         1_017_344 libeay32.dll
>>
>> How to update them so that they match with linux server ?
>
> Oh, interesting.  So we install SSL with our Win32 install, and I assume
> that is a new/correct version of ssl.
>
> Dave, this person says they are getting disconnected regularly and we
> thought it was ssl renegotiation, but not I am unclear what is causing
> the disconnection.

It's possible - it depends on what version of OpenSSL was available at
the time we started testing 9.0.

Dharmendra, can you please check and upgrade the build servers if necessary?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company