Re: Recent vendor SSL renegotiation patches break PostgreSQL

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Chris Campbell <chris_campbell(at)mac(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date: 2010-02-03 16:58:36
Message-ID: 22255.1265216316@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Chris Campbell <chris_campbell(at)mac(dot)com> writes:
> Is there a way to detect when the SSL library has renegotiation disabled?

Probably not. The current set of emergency security patches would
certainly not have exposed any new API that would help us tell this :-(

If said patches were done properly they'd have also turned an
application-level renegotiation request into a no-op, instead of
breaking apps by making it fail --- but apparently they were not done
properly.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2010-02-03 17:04:06 Re: Recent vendor SSL renegotiation patches break PostgreSQL
Previous Message Michael Ledford 2010-02-03 16:52:08 Re: Recent vendor SSL renegotiation patches break PostgreSQL