Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
Date: 2015-06-27 16:10:49
Message-ID: 22324.1435421449@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Andres Freund <andres(at)anarazel(dot)de> writes:
> On 2015-06-27 15:07:05 +0900, Michael Paquier wrote:
>> +1 for removing on master and just disabling on back-branches.

> The problem with that approach is that it leaves people hanging in the
> dry if they've uncommented the default value, or changed it. That
> doesn't seem nice to me.

I think at least 99% of the people who are using a nondefault value of
ssl_renegotiation_limit are using zero and so would have no problem with
this at all. Possibly 100% of them; there's not really much use-case for
changing from 512MB to some other nonzero value, is there?

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2015-06-27 16:13:36 Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
Previous Message Andres Freund 2015-06-27 16:00:24 Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)