Re: Recent vendor SSL renegotiation patches break PostgreSQL

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Michael Ledford <mledford(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date: 2010-02-03 16:09:29
Message-ID: 11293.1265213369@sss.pgh.pa.us
Lists: pgsql-hackers

Michael Ledford <mledford(at)gmail(dot)com> writes:
> One might argue that the current method is already weakened as it is
> measured by the amount of data sent instead of a length of time. A
> session could live a long time under the 512MB threshold depending on
> the queries that are being performed.

Renegotiation after X amount of data is the recommended method AFAIK,
because it limits the volume of data available to cryptanalysis.
What makes you think that elapsed time is relevant at all?

regards, tom lane
