From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) |
Date: | 2015-07-11 12:28:49 |
Message-ID: | 20150711122849.GN26521@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2015-07-11 21:09:05 +0900, Michael Paquier wrote:
> Something like the patches attached
Thanks for that!
> could be considered, one is for master
> and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one for
> ~REL9_4_STABLE to change the default to 0.
> diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
> index c669f75..16c0ce5 100644
> --- a/doc/src/sgml/config.sgml
> +++ b/doc/src/sgml/config.sgml
> @@ -1040,7 +1040,7 @@ include_dir 'conf.d'
> cryptanalysis when large amounts of traffic can be examined, but it
> also carries a large performance penalty. The sum of sent and received
> traffic is used to check the limit. If this parameter is set to 0,
> - renegotiation is disabled. The default is <literal>512MB</>.
> + renegotiation is disabled. The default is <literal>0</>.
I think we should put in a warning or at least note about the dangers of
enabling it (connection breaks, exposure to several open openssl bugs).
Thanks,
Andres
From | Date | Subject | |
---|---|---|---|
Next Message | Tomas Vondra | 2015-07-11 12:31:25 | strange plan with bitmap heap scan and multiple partial indexes |
Previous Message | Michael Paquier | 2015-07-11 12:09:05 | Re: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) |