Skip site navigation (1) Skip section navigation (2)

Re: Recent vendor SSL renegotiation patches break PostgreSQL

From: Michael Ledford <mledford(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date: 2010-02-03 15:55:47
Message-ID: 8adf46ea1002030755w28703a2fo3a4330c49e18eed9@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Wed, Feb 3, 2010 at 10:21 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Bad idea: once set, it'll never get unset, thus leaving installations
> with a weakened security posture even after they've installed fixed
> versions of openssl.
>
>                        regards, tom lane

One might argue that the current method is already weakened as it is
measured by the amount of data sent instead of of a length of time. A
session could live a long time under the 512MB threshold depending on
the queries that are being performed.

Michael

In response to

Responses

pgsql-hackers by date

Next:From: Robert HaasDate: 2010-02-03 15:58:37
Subject: Re: rbtree test data
Previous:From: Tom LaneDate: 2010-02-03 15:48:20
Subject: Re: [COMMITTERS] pgsql: Assorted cleanups in preparation for using a map file to support

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group