| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Should we back-patch SSL renegotiation fixes? |
| Date: | 2015-06-24 19:49:51 |
| Message-ID: | 20150624194951.GC14672@awork2.anarazel.de |
| Lists: | pgsql-hackers |

On 2015-06-24 15:41:22 -0400, Peter Eisentraut wrote:
> On 6/24/15 3:13 PM, Andres Freund wrote:
> > Meh. The relevant branches already exist, as you can disable it today.
> >
> > We could also just change the default in the back branches.
>
> One more argument for leaving everything alone. If users don't like it,
> they can turn it off themselves.

Because it's so obvious to get there from "SSL error: unexpected
message", "SSL error: bad write retry" or "SSL error: unexpected record"
to disabling renegotiation. Right? Search the archives and you'll find
plenty of those, mostly in relation to streaming rep. It took -hackers
years to figure out what causes those, how are normal users supposed to
a) correlate such errors with renegotiation b) evaluate what to do about
it?