Re: Should we back-patch SSL renegotiation fixes?

On June 24, 2015 9:07:35 PM GMT+02:00, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>On 6/24/15 12:26 PM, Tom Lane wrote:
>> Andres Freund <andres(at)anarazel(dot)de> writes:
>>> On 2015-06-24 11:57:53 -0400, Peter Eisentraut wrote:
>>>> If Red Hat fixes their bug, then PostgreSQL doesn't have any actual
>>>> problem anymore, does it?
>>
>>> It does, there are numerous bugs around renegotiation that exist
>with
>>> upstream openssl and postgres. More in the older branches, but even
>in
>>> HEAD we break regularly. Most only occur in replication connections
>(due
>>> to copy both) and/or when using more complex clients where clients
>and
>>> servers send data at the same time due to pipelining.
>>
>> The lesson to learn from the Red Hat fiasco is that vendors are not
>> adequately testing renegotiation either. All the more reason to get
>> out from under it. I did not like being told that "Postgres fails
>and
>> $randomapp doesn't, therefore it's Postgres' problem" when actually
>> the difference was that $randomapp doesn't invoke renegotiation.
>
>I'm fine with removing renegotiation. But the original proposal was to
>backpatch renegation changes, which seemed like replacing one problem
>variation with another, and does not sound comfortable given recent
>backpatching record.

Meh. The relevant branches already exist, as you can disable it today.

We could also just change the default in the back branches.

---
Please excuse brevity and formatting - I am writing this on my mobile phone.