Re: TLS session tickets disabled?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Cameron Vogt <cvogt(at)automaticcontrols(dot)net>
Cc: "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: TLS session tickets disabled?
Date: 2024-08-13 18:05:34
Message-ID: 45862.1723572334@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Cameron Vogt <cvogt(at)automaticcontrols(dot)net> writes:
> I recently updated one of my PostgreSQL databases to 16.4. Since updating, I am unable to refresh Power BI reports that rely on the database. The error message in my PostgreSQL server's log file is "could not accept SSL connection: session id context uninitialized". I looked up the error message and found my issue in another mailing list: https://www.postgresql.org/message-id/CADT4RqBU8N-csyZuzaook-c795dt22Zcwg1aHWB6tfVdAkodZA%40mail.gmail.com.
> After reading the old thread, it looks like the resolution was to make the PostgreSQL server pass SSL_OP_NO_TICKET to SSL_CTX_set_options. I believe the 16.4 update has resurrected this issue. In the 16.4 release notes, I found a bullet point that says:

> "Disable creation of stateful TLS session tickets by OpenSSL.
> This avoids possible failures with clients that think receipt of a session ticket means that TLS session resumption is supported."

> Would it be possible to get this change reverted in the next update?

What is your argument that it's not the client that is broken?
AFAIK, it should not be requiring a session ticket to exist.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Alvaro Herrera from 2ndQuadrant 2024-08-13 18:18:58 Re: BUG #18559: Crash after detaching a partition concurrently from another session
Previous Message PG Bug reporting form 2024-08-13 12:29:57 BUG #18582: fixed range of search for empty slot in SLRU