| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Cameron Vogt <cvogt(at)automaticcontrols(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: TLS session tickets disabled? |
| Date: | 2024-08-15 19:33:42 |
| Message-ID: | 9164991D-65CE-4461-9A81-C23C93E68D44@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> On 15 Aug 2024, at 19:52, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Thu, Aug 15, 2024 at 10:36 AM Cameron Vogt
> <cvogt(at)automaticcontrols(dot)net> wrote:
>> I don't know enough about TLS handshakes and session tickets to know where the bug truly lies (PostgreSQL/OpenSSL vs .NET's SslStream).
>
> I'm getting the feeling that this is our bug, and that we should be
> using both SSL_OP_NO_TICKET (for TLSv1.2) and SSL_CTX_set_num_tickets
> (for TLSv1.3). I don't see any indication in the docs or source that
> the latter does anything for 1.2.
Thanks for copying me, I have been on vacation and had missed this thread. It
does indeed have the smell of me messing up when reading the OpenSSL docs =(
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-08-15 20:32:32 | Re: Using current_user as an argument of pl/pgsql function affects collation of other arguments |
| Previous Message | Kuntal Ghosh | 2024-08-15 19:31:49 | Re: BUG #18559: Crash after detaching a partition concurrently from another session |