Re: TLS session tickets disabled?

From: Cameron Vogt <cvogt(at)automaticcontrols(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: TLS session tickets disabled?
Date: 2024-08-13 20:59:07
Message-ID: DM6PR16MB3145B2AE690E9717C63D0C9CAB862@DM6PR16MB3145.namprd16.prod.outlook.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

I dug into it a little more, and you may be correct that the Power BI client is broken. I was able to retrieve a log file from Power BI, and I've attached the stack trace to this email. The log suggests that NpgSQL may be part of the problem (especially considering that the old 2017 thread was also in reference to NpgSQL). According to https://learn.microsoft.com/en-us/power-query/connectors/postgresql#prerequisites, Power BI relies upon NpgSQL 4.0.10, and it apparently won't work with any later version due to ".NET version incompatibilities".

I ran a few tests to verify if NpgSQL is the problem. Refer to the attached .NET source file: minimal_test.cs. I can successfully create one connection to PostgreSQL 16.4 using NpgSQL 4.0.10, but when I try to create a second connection without closing the first, I get a "could not accept SSL connection: session id context uninitialized" error message. When using the latest version (NpgSQL 8.0.3), I cannot reproduce the error. Thus the ideal solution would be for Microsoft to update Power BI's NpgSQL dependency.

In summary, it seems that NpgSQL 4.0.10 has a bug making it incompatible with PostgreSQL 16.4 in certain cases. I have no control over Power BI and which version of NpgSQL they use, but I can submit a bug report to Microsoft if you think that would be best. I suppose the short-term solution is to downgrade my PostgreSQL server to 16.3 until Microsoft figures out their end.

Thank you,
Cameron Vogt

Cameron Vogt | Software Developer
Direct: 314-756-2302 | Cell: 636-388-2050
1585 Fencorp Drive | Fenton, MO 63026
Automatic Controls Equipment Systems, Inc.

________________________________
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Sent: Tuesday, August 13, 2024 1:05 PM
To: Cameron Vogt <cvogt(at)automaticcontrols(dot)net>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: TLS session tickets disabled?

Cameron Vogt <cvogt(at)automaticcontrols(dot)net> writes:
> I recently updated one of my PostgreSQL databases to 16.4. Since updating, I am unable to refresh Power BI reports that rely on the database. The error message in my PostgreSQL server's log file is "could not accept SSL connection: session id context uninitialized". I looked up the error message and found my issue in another mailing list: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.postgresql.org_message-2Did_CADT4RqBU8N-2DcsyZuzaook-2Dc795dt22Zcwg1aHWB6tfVdAkodZA-2540mail.gmail.com&d=DwIFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=T46-GxAN5Skc2EVmozD7SN2IexQmZD6kBcLbq8QBSuA&m=Hor0LlyPxpRxGFt45LTAqk9aD5kGH0NB8S-Nuq571G8ApUK0ZbtCwoBi6SRlX7Dk&s=9CDjPoCGGUBc47DX1-Are_QlgJ0vLVZvy9y_4GYROhw&e=.
> After reading the old thread, it looks like the resolution was to make the PostgreSQL server pass SSL_OP_NO_TICKET to SSL_CTX_set_options. I believe the 16.4 update has resurrected this issue. In the 16.4 release notes, I found a bullet point that says:

> "Disable creation of stateful TLS session tickets by OpenSSL.
> This avoids possible failures with clients that think receipt of a session ticket means that TLS session resumption is supported."

> Would it be possible to get this change reverted in the next update?

What is your argument that it's not the client that is broken?
AFAIK, it should not be requiring a session ticket to exist.

regards, tom lane

Attachment Content-Type Size
powerbi_client_error.log application/octet-stream 2.5 KB
minimal_test.cs text/plain 311 bytes

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message DBA 2024-08-14 01:41:50 Certain options in pg_upgrade don't seem to work.
Previous Message David G. Johnston 2024-08-13 19:23:24 Re: a row is not inserted in nested INSERT ON CONFLICT