Re: OpenSSL key renegotiation with patched openssl

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
Cc: Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: OpenSSL key renegotiation with patched openssl
Date: 2009-11-27 21:58:31
Message-ID: 20759.1259359111@sss.pgh.pa.us
Lists: pgsql-hackers
Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> Tom Lane wrote:
>> The discussion I saw suggested that you need such a patch at both ends.

> and likely requires a restart of both postgresql and slony afterwards...

Actually, after looking through the available info about this:
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
I think my comment above is wrong.  It is useful to patch the
*server*-side library to reject a renegotiation request.  Applying that
patch on the client side, however, is useless and simply breaks things.

			regards, tom lane
