| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Magnus Hagander *EXTERN*" <magnus(at)hagander(dot)net> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Problem with streaming replication over SSL |
| Date: | 2012-11-06 11:47:24 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C208A4E9D1@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Magnus Hagander wrote:
>> I have streaming replication configured over SSL, and
>> there seems to be a problem with SSL renegotiation.
[...]
>> After that, streaming replication reconnects and resumes working.
>>
>> Is this an oversight in the replication protocol, or is this
>> working as designed?
> This sounds a lot like the general issue with SSL renegotiation, just
that it tends to show itself
> more often on replication connections since they don't disconnect very
often...
>
> Have you tried disabling SSL renegotiation on the connection
(ssl_renegotation=0)? If that helps, then
> the SSL library on one of the ends still has the problem with
renegotiation...
It can hardly be the CVE-2009-3555 renegotiation problem.
Both machines have OpenSSL 1.0.0, and RFC 5746 was implemented in
0.9.8m.
But I'll try to test if normal connections have the problem too.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2012-11-06 12:08:40 | Re: Problem with streaming replication over SSL |
| Previous Message | Magnus Hagander | 2012-11-06 11:16:19 | Re: Question about "ident_file" in postgres.conf |