| From: | Henry B Hotz <hbhotz(at)oxy(dot)edu> |
|---|---|
| To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | Florian Weimer *EXTERN* <fweimer(at)redhat(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Emil Lenngren <emil(dot)lenngren(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL renegotiation |
| Date: | 2015-02-23 17:38:38 |
| Message-ID: | C99500F9-169A-482D-940C-35B9572703C7@oxy.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Renegotiation should be a best practice. Trouble is it's been broken (at the protocol level) three times in the last few years so it's a massive hole in practice.
Ideally we should leave the renegotiate in, and only remove it if configure detects a broken version of TLS.
Personal email. hbhotz(at)oxy(dot)edu
> On Feb 23, 2015, at 7:01 AM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
>
> I'd say it is best to wait if and how OpenSSL change their API when they
> implement TLS 1.3.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thom Brown | 2015-02-23 17:51:44 | Re: mogrify and indent features for jsonb |
| Previous Message | Pavel Stehule | 2015-02-23 17:27:03 | json_populate_record issue - TupleDesc reference leak |