From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Should we back-patch SSL renegotiation fixes? |
Date: | 2015-06-23 18:59:06 |
Message-ID: | CA+TgmoY7RAqN4=XfOW8dk+2az+tTBfvM5L36es-tnxTKxoEmyQ@mail.gmail.com |
Lists: | pgsql-hackers |

On Tue, Jun 23, 2015 at 2:33 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Those of you who have been following
> http://www.postgresql.org/message-id/flat/1d3bc192-970d-4b70-a5fe-38d2a9f762b3(at)me(dot)com
> are aware that Red Hat shipped a rather broken version of openssl last
> week. While waiting for them to fix it, I've been poking at the behavior,
> and have found out that PG 9.4 and later are much less badly broken than
> older branches. In the newer branches you'll see a failure only after
> transmitting 2GB within a session, whereas the older branches fail at
> the second renegotiation attempt, which would typically be 1GB of data
> and could be a lot less.
>
> I do not know at this point whether these behaviors are really the same
> bug or not, but I wonder whether it's time to consider back-patching the
> renegotiation fixes we did in 9.4. Specifically, I think maybe we should
> back-patch 31cf1a1a4, 86029b31e, and 36a3be654. (There are more changes
> in master, but since those haven't yet shipped in any released branch,
> and there's been a lot of other rework in the same area, those probably
> are not back-patch candidates.)
>
> Thoughts?

I have no clear idea how safe it is to back-port these fixes.

Just as a point of reference, we had a customer hit a problem similar
to bug #12769 on 9.3.x. I think (but am not sure) that 272923a0a may
have been intended to fix that issue. In a quick search, I didn't
find any other complaints about renegotiation-related issues from our
customers.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company