From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: OpenSSL key renegotiation with patched openssl |
Date: | 2009-11-30 21:43:21 |
Message-ID: | 12085.1259617401@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> I haven't looked into the details but - is there a point for us to
> remove the requests for renegotiation completely?
The periodic renegotiations are a recommended security measure.
Fixing one hole by introducing a different attack vector doesn't
seem to me to be an improvement. Also, when would we undo it?
At least with the current situation, there is an incentive for
people to get a corrected version of openssl as soon as possible
(not "patched", since what this patch does is break essential
functionality; but actually fixed).
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Craig Ringer | 2009-11-30 21:45:09 | Re: draft RFC: concept for partial, wal-based replication |
Previous Message | Robert Haas | 2009-11-30 21:38:30 | Re: Application name patch - v4 |