From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Andres Freund <andres(at)anarazel(dot)de> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Should we back-patch SSL renegotiation fixes? |
Date: | 2015-06-24 21:20:31 |
Message-ID: | CA+TgmoadC+m=kVojjT2q6tt9H1voNSWGyxCR=Pi8OXLak6SBng@mail.gmail.com |
Lists: | pgsql-hackers |
On Wed, Jun 24, 2015 at 3:49 PM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> On 2015-06-24 15:41:22 -0400, Peter Eisentraut wrote:
>> On 6/24/15 3:13 PM, Andres Freund wrote:
>> > Meh. The relevant branches already exist, as you can disable it today.
>> >
>> > We could also just change the default in the back branches.
>>
>> One more argument for leaving everything alone. If users don't like it,
>> they can turn it off themselves.
>
> Because it's so obvious to get there from "SSL error: unexpected
> message", "SSL error: bad write retry" or "SSL error: unexpected record"
> to disabling renegotiation. Right? Search the archives and you'll find
> plenty of those, mostly in relation to streaming rep. It took -hackers
> years to figure out what causes those, how are normal users supposed to
> a) correlate such errors with renegotiation b) evaluate what to do about
> it?

We could document the issues, create release-note entries suggesting a
configuration change, and/or blog about it.

I don't accept the argument that there are not ways to tell users
about things they might want to do.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company