| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
| Cc: | Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: OpenSSL key renegotiation with patched openssl |
| Date: | 2009-11-27 21:58:31 |
| Message-ID: | 20759.1259359111@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
> Tom Lane wrote:
>> The discussion I saw suggested that you need such a patch at both ends.
> and likely requires a restart of both postgresql and slony afterwards...

Actually, after looking through the available info about this:
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
I think my comment above is wrong. It is useful to patch the
*server*-side library to reject a renegotiation request. Applying that
patch on the client side, however, is useless and simply breaks things.

regards, tom lane