Re: pgpool ssl handshake failure

On 10/15/2015 06:59 AM, AI Rumman wrote:
> Hi,
>
> I am using pgpool-II version 3.4.3 (tataraboshi).
> Where my database is Postgresql 8.4.

Probably already know, but 8.4 is approximately 1.25 years beyond EOL:

http://www.postgresql.org/support/versioning/

>
> I am trying to configure ssl mode from client and between pgpool and
> database it is non-ssl.

What is non-ssl, the database or pgpool?

> I configured as document and now I am getting this in my log:
>
> /2015-10-13 22:17:58: pid 1857: LOG: new connection received
> //2015-10-13 22:17:58: pid 1857: DETAIL: connecting host=10.0.0.5
> port=65326
> //2015-10-13 22:17:58: pid 1857: LOG: pool_ssl: "SSL_read": "ssl
> handshake failure"
> //2015-10-13 22:17:58: pid 1857: ERROR: unable to read data from
> frontend
> //2015-10-13 22:17:58: pid 1857: DETAIL: socket read failed with an
> error "Success"/
>
> Please let me know what wrong I am doing.

Not quite sure but given the below from the 9.5 Release Notes:

"
Remove server configuration parameter ssl_renegotiation_limit, which was
deprecated in earlier releases (Andres Freund)

While SSL renegotiation is a good idea in theory, it has caused enough
bugs to be considered a net negative in practice, and it is due to be
removed from future versions of the relevant standards. We have
therefore removed support for it from PostgreSQL."

I would check to see what ssl_renegotiation_limit is set to:

http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html

and if it is not set to 0, then try that.

>
> Thanks & Regards.
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com