From: | Mario Splivalo <mario(dot)splivalo(at)megafon(dot)hr> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: ssl3 errors in replication. |
Date: | 2012-02-02 16:24:09 |
Message-ID: | 4F2AB8A9.7040909@megafon.hr |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On 02/02/2012 05:15 PM, Mario Splivalo wrote:
> On 02/02/2012 05:16 PM, Tom Lane wrote:
>> Mario Splivalo <mario(dot)splivalo(at)megafon(dot)hr> writes:
>>> I have these errors in my log files, occurring very often:
>>> 2012-02-02 01:05:53 CST [4103]: [2-1] user=,db= FATAL: could not
>>> receive data from WAL stream: SSL error: sslv3 alert unexpected message
>>
>> Google suggests that this might be caused by version or configuration
>> mismatches between openssl libraries on the master and slave machines.
>> One particular thing I'm wondering about is whether your openssl
>> libraries deal with the SSL renegotiation bug sanely (ie they've got
>> a fix for it that's less brain-dead than breaking the connection).
>
> Is there a way I can force replication over non-ssl channel? All those
> boxes are in my private network and ssl is a bit overhead there anyhow.
Reading the docs, it shouldn't use SSL when connecting.
Here is my recovery.conf on the slave:
standby_mode = 'on'
primary_conninfo = 'host=10.21.32.22 port=5432 user=replication
password=ueberseecret' # ded803
trigger_file = '/var/run/pg-trigger'
And here is excerpt from pg_hba.conf on master:
root(at)ded803:~# grep repl /etc/postgresql/9.1/main/pg_hba.conf | grep -v ^#
host replication replication 10.21.32.82/32 md5
host postgres replication 10.21.32.82/32 md5
(The second entry is for munin plugin on slave used to trend the slave lag.)
Mario
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2012-02-02 16:45:38 | Re: ssl3 errors in replication. |
Previous Message | Tom Lane | 2012-02-02 16:16:14 | Re: ssl3 errors in replication. |