BUG #14893: libpq SSL ClientHello too long, no option to set ciphers or affect cipher list length

From: minfrin(at)sharp(dot)fm
To: pgsql-bugs(at)postgresql(dot)org
Cc: minfrin(at)sharp(dot)fm
Subject: BUG #14893: libpq SSL ClientHello too long, no option to set ciphers or affect cipher list length
Date: 2017-11-09 13:57:18
Message-ID: 20171109135718.1492.93238@wrigleys.postgresql.org
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 14893
Logged by: Graham Leggett
Email address: minfrin(at)sharp(dot)fm
PostgreSQL version: 9.5.9
Operating system: Ubuntu Xenial
Description:

Hi all,

I am having trouble on an Ubuntu Xenial machine where the out-of-the-box psql
refuses to connect to the out-of-the-box postgresql over SSL. The same setup
worked on Ubuntu Trusty.

Debugging reveals that the cipher list sent by the libpq client is too long
(greater than 255 bytes), and this causes the postgresql server to slam down
the phone, or it derails the client side enough that a bogus message "tlsv1
alert unknown ca" is returned by the client.

We need a way to either:

- Set the sslcipher in the connection URL, or
- Set the default cipher during the connection to something reasonably
sensible to keep the ClientHello size down.

The cipher can be controlled by ssl_cipher on the server side, but this was
forgotten on the client side.

Regards,
Graham
--
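The report turns on one number: the length of the cipher_suites vector in the TLS ClientHello that OpenSSL emits for a given cipher string. The script below is an added example, not libpq code or anything from the PostgreSQL project. It drives the local OpenSSL (through Python's ssl module and a memory BIO pair, so no network connection is needed) to produce the ClientHello it would send for a cipher string, parses the record to pull out the cipher_suites length, and flags anything over the 255-byte threshold the report names. The threshold constant, the function names and the sample suite codes in build_sample_client_hello are assumptions made for illustration; the byte layout is the standard ClientHello from RFC 5246. Whether a particular server actually drops long hellos is not something this script can tell you; it only shows what goes on the wire.

```python
import ssl
import struct

# Threshold named in the bug report: a cipher_suites vector longer than
# 255 bytes is what the reporter saw the server reject (assumed here as the limit).
CIPHER_LIST_LIMIT = 255


def openssl_client_hello(cipher_string):
    """Drive OpenSSL through a memory BIO pair so it emits the ClientHello it
    would send for this cipher string, without any network connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers(cipher_string)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=False)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello has been written, OpenSSL now waits for the server
    return outgoing.read()


def parse_client_hello(data):
    """Parse one TLS record carrying a ClientHello (RFC 5246 section 7.4.1.2)
    and return the lengths that matter for this bug."""
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + record_len]
    if len(body) != record_len:
        raise ValueError("truncated TLS record")
    if body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 2 + 32                           # client_version + random
    session_id_len = hello[pos]
    pos += 1 + session_id_len
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[pos + i:pos + i + 2])[0]
              for i in range(0, cs_len, 2)]
    return {
        "record_length": record_len,
        "handshake_length": hs_len,
        "cipher_suites_length": cs_len,
        "cipher_suites": suites,
        "exceeds_limit": cs_len > CIPHER_LIST_LIMIT,
    }


def check_cipher_string(cipher_string):
    """Report what the local OpenSSL puts on the wire for an OpenSSL cipher string."""
    return parse_client_hello(openssl_client_hello(cipher_string))


def build_sample_client_hello(suites):
    """Constructed minimal TLS 1.2 ClientHello (no extensions) so the parser can
    be exercised on known input, independent of the local OpenSSL build."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"       # version, random, empty session id
            + struct.pack("!H", len(cs)) + cs        # cipher_suites vector
            + b"\x01\x00")                           # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for name in ("ALL", "HIGH:!aNULL:!MD5", "ECDHE-RSA-AES128-GCM-SHA256"):
        info = check_cipher_string(name)
        print(f"{name:32} cipher_suites={info['cipher_suites_length']:4d} bytes  "
              f"ClientHello={info['handshake_length']:5d} bytes  "
              f"{'TOO LONG' if info['exceeds_limit'] else 'ok'}")
```

Run it on the affected machine and the difference between "ALL" and a narrowed string is immediately visible; note that with OpenSSL 1.1.1 and later the TLS 1.3 suites are always appended regardless of set_ciphers, so even a single-suite string yields a handful of entries.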
