| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Should we back-patch SSL renegotiation fixes? |
| Date: | 2015-06-26 14:26:58 |
| Message-ID: | CA+TgmoZ+BrQm=3XsVsyp5XPfORJdmfbz8we-_MkJLg+XXiJ=NA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jun 26, 2015 at 9:59 AM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> Generally I'd agree that that is a bad thing. But there's really not
> much of a observable behaviour change in this case? Except that
> connections using ssl break less often.
Well, SSL renegotiation exists for a reason: to improve security.
It's not awesome that we're being forced to shut off features that are
designed to improve security. But it seems we have little choice, at
least until we can support some other SSL implementation (and maybe
not even then).
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-06-26 14:30:26 | Re: Should we back-patch SSL renegotiation fixes? |
| Previous Message | Tom Lane | 2015-06-26 14:21:59 | Re: Nitpicking: unnecessary NULL-pointer check in pg_upgrade's controldata.c |