| From: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Chris Campbell <chris_campbell(at)mac(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Recent vendor SSL renegotiation patches break PostgreSQL |
| Date: | 2010-02-03 15:16:29 |
| Message-ID: | 4B69934D.7060307@kaltenbrunner.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
> On Wed, Feb 3, 2010 at 6:24 AM, Chris Campbell <chris_campbell(at)mac(dot)com> wrote:
>> The flurry of patches that vendors have recently been making to OpenSSL to address
>> the potential man-in-the-middle attack during SSL renegotiation have disabled SSL
>> renegotiation altogether in the OpenSSL libraries. Applications that make use of SSL
>> renegotiation, such as PostgreSQL, start failing.
>
> Should we think about adding a GUC to disable renegotiation until this
> blows over?
hmm I wonder if we should not go as far as removing the whole
renegotiation code, from the field it seems that there are very very few
daemons actually doing that kind forced renegotiation.
Stefan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Campbell | 2010-02-03 15:20:04 | Re: Recent vendor SSL renegotiation patches break PostgreSQL |
| Previous Message | Robert Haas | 2010-02-03 15:03:45 | Re: Recent vendor SSL renegotiation patches break PostgreSQL |