Skip site navigation (1) Skip section navigation (2)

Re: OpenSSL key renegotiation with patched openssl

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: OpenSSL key renegotiation with patched openssl
Date: 2009-11-30 21:43:21
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> I haven't looked into the details but - is there a point for us to
> remove the requests for renegotiation completely?

The periodic renegotiations are a recommended security measure.
Fixing one hole by introducing a different attack vector doesn't
seem to me to be an improvement.  Also, when would we undo it?
At least with the current situation, there is an incentive for
people to get a corrected version of openssl as soon as possible
(not "patched", since what this patch does is break essential
functionality; but actually fixed).

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Craig RingerDate: 2009-11-30 21:45:09
Subject: Re: draft RFC: concept for partial, wal-based replication
Previous:From: Robert HaasDate: 2009-11-30 21:38:30
Subject: Re: Application name patch - v4

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group