| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Shay Rojansky <roji(at)roji(dot)org>, "Pgsql-hackers(at)postgresql(dot)org" <Pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow ssl_renegotiation_limit in PG 9.5 |
| Date: | 2015-10-14 17:04:30 |
| Message-ID: | 31025.1444842270@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andres Freund <andres(at)anarazel(dot)de> writes:
> On 2015-10-14 18:53:14 +0300, Shay Rojansky wrote:
>> However, the new situation where some versions of PG allow this parameter
>> while others bomb when seeing it. Specifically, Npgsql sends
>> ssl_renegotiation_limit=0 in the startup packet to completely disable
>> renegotiation. At this early stage it doesn't know yet whether the database
>> it's connecting to is PG 9.5 or earlier.
> I find it a rather debatable practice to send such a parameter
> unconditionally. Why are you sending it before the connection has even
> been established?
It doesn't seem to me that a connector such as npgsql has any business
whatsoever fooling with such a parameter, unconditionally or otherwise.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-10-14 17:06:38 | Re: Allow ssl_renegotiation_limit in PG 9.5 |
| Previous Message | Jim Nasby | 2015-10-14 17:04:08 | Re: Can extension build own SGML document? |