Re: OpenSSL key renegotiation with patched openssl

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
Cc: Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: OpenSSL key renegotiation with patched openssl
Date: 2009-11-27 21:58:31
Message-ID: 20759.1259359111@sss.pgh.pa.us
Lists: pgsql-hackers

Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> Tom Lane wrote:
>> The discussion I saw suggested that you need such a patch at both ends.

> and likely requires a restart of both postgresql and slony afterwards...

Actually, after looking through the available info about this:
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
I think my comment above is wrong. It is useful to patch the
*server*-side library to reject a renegotiation request. Applying that
patch on the client side, however, is useless and simply breaks things.

regards, tom lane
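The server-side mitigation described in the message (have the server end of the TLS connection refuse renegotiation requests) is what modern OpenSSL exposes as an option rather than a patch. The following is an added example, not code from this thread, PostgreSQL or Slony: it builds a server `SSLContext` in Python's standard `ssl` module and sets `ssl.OP_NO_RENEGOTIATION`, which is assumed to be available (it exists in Python 3.7+ when linked against OpenSSL 1.1.0h or later); on older builds the helper reports that the option could not be applied instead of failing.

```python
import ssl


def renegotiation_option_available() -> bool:
    """True if this Python/OpenSSL build can refuse renegotiation outright.

    ssl.OP_NO_RENEGOTIATION is present in Python 3.7+ with OpenSSL >= 1.1.0h;
    older builds have no equivalent switch and would need a patched library.
    """
    return hasattr(ssl, "OP_NO_RENEGOTIATION")


def weak_server_context() -> ssl.SSLContext:
    """Server context with the library defaults: renegotiation is not refused."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def make_server_context() -> ssl.SSLContext:
    """Server context hardened to reject client-initiated renegotiation.

    This is the server-side measure the message recommends; it belongs on the
    listening end (e.g. the database server), not on the connecting client.
    """
    ctx = weak_server_context()
    no_reneg = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    if no_reneg is not None:
        ctx.options |= no_reneg
    return ctx


def refuses_renegotiation(ctx: ssl.SSLContext) -> bool:
    """Check whether a context has the no-renegotiation option set."""
    no_reneg = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    if no_reneg is None:
        return False
    return bool(ctx.options & no_reneg)


if __name__ == "__main__":
    # Compare the default server context with the hardened one.
    print("option available:", renegotiation_option_available())
    print("default refuses renegotiation:", refuses_renegotiation(weak_server_context()))
    print("hardened refuses renegotiation:", refuses_renegotiation(make_server_context()))
```

To use the hardened context you would still call `ctx.load_cert_chain(...)` with the server's certificate and key and wrap the listening socket with `ctx.wrap_socket(sock, server_side=True)`; the renegotiation option is independent of those steps. A client context should not carry this option for the reason the message gives: refusing renegotiation on the client side does not protect the server and can break legitimate connections.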
