| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Michael Ledford <mledford(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Recent vendor SSL renegotiation patches break PostgreSQL |
| Date: | 2010-02-03 17:04:06 |
| Message-ID: | 603c8f071002030904u3f50cadfo738816e77035b509@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Feb 3, 2010 at 11:52 AM, Michael Ledford <mledford(at)gmail(dot)com> wrote:
> On Wed, Feb 3, 2010 at 11:09 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Renegotiation after X amount of data is the recommended method AFAIK,
>> because it limits the volume of data available to cryptanalysis.
>> What makes you think that elapsed time is relevant at all?
>
> You are correct. In that volume of data also matters. It depends on
> what kind of attack you are trying to minimize here. In my particular
> use case I fluctuate between idle and busy but mostly low bandwidth.
>
> You have four different primary cases that you are possible:
This may all be true, but I think we're getting off track. If we
force ANY negotiation (whether based on time or bytes transferred), we
will, apparently, break things. So I think that means we should have
a way to disable that behavior, for fear of dissuading people from
using SSL (or PostgreSQL) altogether, or hacking their own copies of
the source in ways that may be even uglier.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2010-02-03 17:05:30 | Re: Hot Standby and VACUUM FULL |
| Previous Message | Tom Lane | 2010-02-03 16:58:36 | Re: Recent vendor SSL renegotiation patches break PostgreSQL |