Re: Problem with streaming replication over SSL

From: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "Magnus Hagander *EXTERN*" <magnus(at)hagander(dot)net>
Cc: <pgsql-general(at)postgresql(dot)org>
Subject: Re: Problem with streaming replication over SSL
Date: 2012-11-06 11:47:24
Message-ID: D960CB61B694CF459DCFB4B0128514C208A4E9D1@exadv11.host.magwien.gv.at
Lists: pgsql-general

Magnus Hagander wrote:
>> I have streaming replication configured over SSL, and
>> there seems to be a problem with SSL renegotiation.
[...]
>> After that, streaming replication reconnects and resumes working.
>>
>> Is this an oversight in the replication protocol, or is this
>> working as designed?

> This sounds a lot like the general issue with SSL renegotiation, just that it tends to show itself
> more often on replication connections since they don't disconnect very often...
>
> Have you tried disabling SSL renegotiation on the connection (ssl_renegotation=0)? If that helps, then
> the SSL library on one of the ends still has the problem with renegotiation...

It can hardly be the CVE-2009-3555 renegotiation problem.

Both machines have OpenSSL 1.0.0, and RFC 5746 was implemented in
0.9.8m.

But I'll try to test if normal connections have the problem too.

Yours,
Laurenz Albe
