| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rare SSL failures on eelpout |
| Date: | 2019-03-17 22:41:41 |
| Message-ID: | 23972.1552862501@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Thomas Munro <thomas(dot)munro(at)gmail(dot)com> writes:
> On Sun, Mar 17, 2019 at 2:00 AM Thomas Munro <thomas(dot)munro(at)gmail(dot)com> wrote:
>> I opened a bug report with OpenSSL, let's see what they say:
>> https://github.com/openssl/openssl/issues/8500
> This was an intentional change in TLS1.3, reducing round trips by
> verifying the client certificate later.
Ugh. So probably we can reproduce it elsewhere if we use cutting-edge
OpenSSL versions.
> I'm pretty sure the fix I mentioned earlier -- namely adding an ad-hoc
> call to pqHandleSendFailure() if we fail to send the start-up packet
> -- would fix eelpout's measles (though obviously wouldn't solve the
> problem for Windows given what we have learned about its TCP
> implementation). I should probably go and do that, unless you want to
> write the more general handling for send failure you described, and
> are prepared to back-patch it?
Well, I'm not sure about the back-patching aspect of that, but maybe
I should write the patch and then we should see how risky it looks.
Give me a few days ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nikita Glukhov | 2019-03-17 22:57:36 | Re: jsonpath |
| Previous Message | Thomas Munro | 2019-03-17 22:34:35 | Re: Rare SSL failures on eelpout |