On Jun 24, 2015 5:13 PM, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Andres Freund <andres(at)anarazel(dot)de> writes:
> > I, by now, have come to a different conclusion. I think it's time to
> > entirely drop the renegotiation support.
>
> Well, that's a radical proposal, but I think we should take it seriously.
>
Yes.
Just on my phone right now, but wasn't renegotiation also an attack vector
in one of the recent openssl bugs?
/Magnus