
Re: OpenSSL key renegotiation with patched openssl

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: OpenSSL key renegotiation with patched openssl
Date: 2009-11-30 21:21:10
Lists: pgsql-hackers

2009/11/27 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
>> Tom Lane wrote:
>>> The discussion I saw suggested that you need such a patch at both ends.
>> and likely requires a restart of both postgresql and slony afterwards...
> Actually, after looking through the available info about this:
> I think my comment above is wrong.  It is useful to patch the
> *server*-side library to reject a renegotiation request.  Applying that
> patch on the client side, however, is useless and simply breaks things.

I haven't looked into the details but - is there a point for us to
remove the requests for renegotiation completely? Will this help those
that *haven't* upgraded their openssl library? I realize it's not
necessarily our bug to fix, but if we can help.. :) If a patched
version of openssl ignores the renegotiation anyway, there's nothing
lost if we turn it off in postgresql, is there?

 Magnus Hagander
