Re: Recent vendor SSL renegotiation patches break PostgreSQL
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Michael Ledford <mledford(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date: 2010-02-03 16:09:29
Message-ID: 11293.1265213369@sss.pgh.pa.us
Lists: pgsql-hackers

Michael Ledford <mledford(at)gmail(dot)com> writes:
> One might argue that the current method is already weakened as it is
> measured by the amount of data sent instead of a length of time. A
> session could live a long time under the 512MB threshold depending on
> the queries that are being performed.

Renegotiation after X amount of data is the recommended method AFAIK,
because it limits the volume of data available to cryptanalysis.
What makes you think that elapsed time is relevant at all?

regards, tom lane