Re: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

On Sat, Jul 11, 2015 at 9:28 PM, Andres Freund <andres(at)anarazel(dot)de> wrote:

> On 2015-07-11 21:09:05 +0900, Michael Paquier wrote:
> > Something like the patches attached
>
> Thanks for that!
>
> > could be considered, one is for master
> > and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one for
> > ~REL9_4_STABLE to change the default to 0.
>
> > diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
> > index c669f75..16c0ce5 100644
> > --- a/doc/src/sgml/config.sgml
> > +++ b/doc/src/sgml/config.sgml
> > @@ -1040,7 +1040,7 @@ include_dir 'conf.d'
> > cryptanalysis when large amounts of traffic can be examined,
> but it
> > also carries a large performance penalty. The sum of sent and
> received
> > traffic is used to check the limit. If this parameter is set to
> 0,
> > - renegotiation is disabled. The default is <literal>512MB</>.
> > + renegotiation is disabled. The default is <literal>0</>.
>
> I think we should put in a warning or at least note about the dangers of
> enabling it (connection breaks, exposure to several open openssl bugs).
>

This sounds like a good idea to me. Here is an idea:
+ <warning>
+ <para>
+ Enabling <varname>ssl_renegotiation_limit</> can cause various
+ problems endangering the stability of a <productname>PostgreSQL</>
+ instance like connection breaking suddendly and exposes the
+ server to bugs related to the internal implementation of
renegotiation
+ done in the SSL libraries used.
+ </para>
+ </warning>
Attached is v2 for ~9.4.
Regards,
--
Michael