Quick Links

Re: PostgreSQL not setting OpenSSL session id context?

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Shay Rojansky <roji(at)roji(dot)org>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: PostgreSQL not setting OpenSSL session id context?
Date:	2017-07-30 19:59:47
Message-ID:	4727.1501444787@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

I wrote:
> I think what you need to do is tell SslStream not to expect that PG
> servers will do session resumption. (I'm a bit astonished that that
> would be its default assumption in the first place, but whatever.)

Actually, after a bit of further googling, it seems that the brain
damage here may be on the server side. It seems that OpenSSL will
send a session ticket if requested, even though the surrounding
application has given it no means to identify the session (!?).
Apparently we need to pass SSL_OP_NO_TICKET to SSL_CTX_set_options
to prevent that from happening.

regards, tom lane

In response to

Re: PostgreSQL not setting OpenSSL session id context? at 2017-07-30 19:17:58 from Tom Lane

Responses

Re: PostgreSQL not setting OpenSSL session id context? at 2017-07-30 22:15:09 from Shay Rojansky

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2017-07-30 20:35:28	Re: PL_stashcache, or, what's our minimum Perl version?
Previous Message	Tom Lane	2017-07-30 19:17:58	Re: PostgreSQL not setting OpenSSL session id context?