From: | raf <raf(at)raf(dot)org> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: postgres-8.4SS, pg_dump from macosx-10.6 has "ssl handshake error" 26% in |
Date: | 2010-07-28 06:09:31 |
Message-ID: | 20100728060931.GA31509@raf.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Tom Lane wrote:
> raf <raf(at)raf(dot)org> writes:
> > i'm having a little openssl problem with pg_dump over a wireless
> > lan with postgres-8.4SS (on linux) from enterprisedb and
> > a macosx-10.6 client.
>
> > when i run pg_dump from a wired linux client it's always fine
> > but since i switched from a macosx-10.4 laptop to a
> > macosx-10.6 laptop, every time i run pg_dump from the laptop
> > over the wireless lan, it's fine for a few minutes and then,
> > 26% of the way in, it stalls and never completes.
>
> What this sounds like is you've got an openssl library with deliberately
> broken renegotiate behavior. Google for CVE-2009-3555 to learn
> something about why that might be.
>
> Assuming that "8.4SS" actually means 8.4.3 or later, you can work around
> this by setting ssl_renegotiation_limit to zero in the server. But it'd
> be better to get a copy of libssl with an actual fix, rather than a
> braindead kluge, for the CVE problem.
the latest enterprisedb standard server is only 8.4.1 (New! 13-Oct-09) :-)
> I'm not real sure which of the two ssl libraries you've got is at fault
> (they might both be :-()
both sides are using 0.9.7 so they're both vulnerable.
i can probably replace the server's copy of libssl with a more
recent version. the client end is a bit trickier. it's using
a system libssl but both 0.9.7 and 0.9.8 are present in the
same directory and it's using 0.9.7. no, removing 0.9.7 or
overwriting it with 0.9.8 doesn't work. i didn't think it
would. :)
i think i'll have to switch from enterprisedb's standard
server to the core distribution to get the latest version
which hopefully uses the more recent libssl.
many thanks.
> regards, tom lane
cheers,
raf
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Kellerer | 2010-07-28 06:25:20 | Re: Comparison of Oracle and PostgreSQL full text search |
Previous Message | Sandeep Srinivasa | 2010-07-28 05:51:32 | Which CMS/Ecommerce/Shopping cart ? |