Re: SSL renegotiation

On Mon, Aug 25, 2014 at 11:46:13PM -0400, Alvaro Herrera wrote:
> Tom Lane wrote:
> > OK, then maybe end-of-beta is too long. But how much testing will it get
> > during development? I know I never use SSL on development installs.
> > How many hackers do?
>
> Just a reminder that I intend to backpatch this (and subsequent fixes).
> We've gone over two 9.4 betas now. Maybe it'd be a good thing if the
> beta3 announcement carried a note about enabling SSL with a low
> ssl_renegotiation_limit setting.

To elaborate on my private comments of 2013-10-11, I share Robert's
wariness[1] concerning the magic number of 1024 bytes of renegotiation
headroom. Use of that number predates your work, but your work turned
exhaustion of that headroom into a FATAL error. Situations where the figure
is too small will become disruptive, whereas the problem is nearly invisible
today. Network congestion is a factor, so the lack of complaints during beta
is relatively uninformative. Disabling renegotiation is a quick workaround,
fortunately, but needing to use that workaround will damage users' fragile
faith in the safety of our minor releases.

My recommendation is to either keep this 9.4-only or do focused load testing
to determine the actual worst-case headroom requirement.

[1] http://www.postgresql.org/message-id/CA+TgmoZVGmyZLx7e4ARq_5nu4uDeN7wrvg1xJXg_o9c61CHu3g@mail.gmail.com