Quick Links

Re: Recent vendor SSL renegotiation patches break PostgreSQL

From:	Michael Ledford <mledford(at)gmail(dot)com>
To:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date:	2010-02-03 15:55:47
Message-ID:	8adf46ea1002030755w28703a2fo3a4330c49e18eed9@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Wed, Feb 3, 2010 at 10:21 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Bad idea: once set, it'll never get unset, thus leaving installations
> with a weakened security posture even after they've installed fixed
> versions of openssl.
>
> regards, tom lane

One might argue that the current method is already weakened as it is
measured by the amount of data sent instead of of a length of time. A
session could live a long time under the 512MB threshold depending on
the queries that are being performed.

Michael

In response to

Re: Recent vendor SSL renegotiation patches break PostgreSQL at 2010-02-03 15:21:25 from Tom Lane

Responses

Re: Recent vendor SSL renegotiation patches break PostgreSQL at 2010-02-03 16:09:29 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Robert Haas	2010-02-03 15:58:37	Re: rbtree test data
Previous Message	Tom Lane	2010-02-03 15:48:20	Re: [COMMITTERS] pgsql: Assorted cleanups in preparation for using a map file to support