Re: Recent vendor SSL renegotiation patches break PostgreSQL

2010/2/22 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> 2010/2/22 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>> You'd still have to turn it off on the server side if you have a
>> *single* client that has the broken patch, but that's still a lot
>> better than nothing.
>
> Well, if it's a GUC it can be set per-user or per-database, so there's
> at least some hope of not having to turn it off for everyone.
>
>> Think it's worth taking a stab at?
>
> If you want to do it, I'd be fine with it.

Seems easy enough, see attached. Comments?

This version is set to superuser only. It's a security related
feature, so just letting a random user turn it off may be seen as
wrong. On the other hand, this is just about the connection security,
and if we have a malicious user on the other end, he can do a lot
worse things than disable renegotiation (such as resending the
plaintext after it's been decrypted).

I'd therefore suggest we make it USERSET. Anything wrong in that discussion?

(That would also for example allow npgsql to always set it to 0, if
it's known to be broken)

Also, do we want to add a specific <note> to the documentation saying
this is the way around broken SSL libraries? Or leave that to release
notes? Or just leave it to the mailinglist archives?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/