Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

On Sat, Jun 27, 2015 at 06:13:36PM +0200, Andres Freund wrote:
> On 2015-06-27 12:10:49 -0400, Tom Lane wrote:
> > Andres Freund <andres(at)anarazel(dot)de> writes:
> > > On 2015-06-27 15:07:05 +0900, Michael Paquier wrote:
> > >> +1 for removing on master and just disabling on back-branches.
> >
> > > The problem with that approach is that it leaves people hanging in the
> > > dry if they've uncommented the default value, or changed it. That
> > > doesn't seem nice to me.
> >
> > I think at least 99% of the people who are using a nondefault value of
> > ssl_renegotiation_limit are using zero and so would have no problem with
> > this at all. Possibly 100% of them; there's not really much use-case for
> > changing from 512MB to some other nonzero value, is there?
>
> While still at 2ndq I've seen some increase it to nonzero values to cope
> with the connection breaks.

We'd need to be triply confident that we know better than the DBA before
removing flexibility in back branches. +1 for just changing the default.
Suppose some security policy mandates a particular key rotation interval; the
minor release would force an awkward decision on that user. DBAs who have
customized ssl_renegotiation_limit are more likely than most to notice the
release note and make an informed decision.