Allow ssl_renegotiation_limit in PG 9.5

From: Shay Rojansky <roji(at)roji(dot)org>
To: "Pgsql-hackers(at)postgresql(dot)org" <Pgsql-hackers(at)postgresql(dot)org>
Subject: Allow ssl_renegotiation_limit in PG 9.5
Date: 2015-10-14 15:53:14
Message-ID: CADT4RqBEr2kA0EdAtELWyFqyrNrsuqANGbBVo3L=o7B2i23_Bw@mail.gmail.com
Lists: pgsql-hackers

Hi hackers.

I noticed ssl_renegotiation_limit has been removed in PostgreSQL 9.5, good
riddance...

However, there is now a situation where some versions of PG allow this parameter
while others bomb when seeing it. Specifically, Npgsql sends
ssl_renegotiation_limit=0 in the startup packet to completely disable
renegotiation. At this early stage it doesn't know yet whether the database
it's connecting to is PG 9.5 or earlier.

Is there any chance you'd consider allowing ssl_renegotiation_limit in PG
9.5, without it having any effect (I think that's the current behavior for
recent 9.4, 9.3, right)? It may be a good idea to only allow this parameter
to be set to zero, raising an error otherwise.

The alternative would be to force users to specify in advance whether the
database they're connecting to supports this parameter, or to send it after
the startup packet, which complicates things, etc.

Thanks,

Shay
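
The second alternative mentioned in the message (sending the setting after the startup packet), as an added sketch that is not part of the original post and is not Npgsql or PostgreSQL code. It encodes a protocol 3.0 StartupMessage to show where the run-time parameter travels, then chooses the post-startup `SET` from the `server_version` the server reports. The function names and sample values are hypothetical, and the 9.5 cutoff is taken from the message.

```python
import re
import struct

PROTOCOL_3_0 = 196608  # (3 << 16) | 0

def build_startup(params):
    """Encode a StartupMessage: int32 length (self-inclusive), int32 version,
    NUL-terminated name/value pairs, then one terminating NUL."""
    body = struct.pack("!I", PROTOCOL_3_0)
    for name, value in params.items():
        body += name.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"
    return struct.pack("!I", len(body) + 4) + body

def parse_startup(msg):
    """Decode a StartupMessage into (version, params) for inspection."""
    length, version = struct.unpack("!II", msg[:8])
    if length != len(msg) or msg[-1] != 0:
        raise ValueError("malformed StartupMessage")
    fields = msg[8:-1].split(b"\x00")[:-1]
    if len(fields) % 2:
        raise ValueError("parameter name without a value")
    pairs = zip(fields[0::2], fields[1::2])
    return version, {k.decode(): v.decode() for k, v in pairs}

def major_minor(server_version):
    """'9.4.5' -> (9, 4); '9.5beta1' -> (9, 5); '10.1' -> (10, 1)."""
    m = re.match(r"(\d+)(?:\.(\d+))?", server_version)
    if not m:
        raise ValueError("unrecognised server_version: %r" % server_version)
    return int(m.group(1)), int(m.group(2) or 0)

def post_startup_commands(server_version):
    """Statements to send once ParameterStatus has reported server_version.
    Only servers older than 9.5 still accept the parameter (per the message)."""
    if major_minor(server_version) < (9, 5):
        return ["SET ssl_renegotiation_limit = 0"]
    return []

# Constructed sample values, not taken from a real connection.
BASE_PARAMS = {"user": "app", "database": "appdb"}
# What the message describes today: the setting rides in the startup packet,
# before the client knows the server version.
EAGER = build_startup(dict(BASE_PARAMS, ssl_renegotiation_limit="0"))
# The alternative: a version-neutral startup packet, then a gated SET.
NEUTRAL = build_startup(BASE_PARAMS)
```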
