[PostgreSQL-Hackers] Recent vendor SSL renegotiation patches break PostgreSQL

[PostgreSQL-Hackers] Recent vendor SSL renegotiation patches break PostgreSQL

	Tom Lane
	Feb 3, 2010 at 4:59 pm

Chris Campbell writes:
Is there a way to detect when the SSL library has renegotiation disabled?

Probably not. The current set of emergency security patches would
certainly not have exposed any new API that would help us tell this :-(

If said patches were done properly they'd have also turned an
application-level renegotiation request into a no-op, instead of
breaking apps by making it fail --- but apparently they were not done
properly.

regards, tom lane

Search Discussions

Discussion Posts

Michael Ledford: You are correct. In that volume of data also matters. It depends on what kind of attack you are trying to minimize here. In my particular use case I fluctuate between idle and busy but mostly low bandwidth. You have four different primary cases that you are possible: 1) timed method on an idle link (or low usage) 2) timed method on a busy link (or high usage) 3) data limit on an idle link (or low usage) 4) data limit on a busy link (or high usage) The timed method is more optimal for case 1.

Follow ups

Related Discussions

Discussion Navigation

view	thread \| post
posts	‹ prev \| 11 of 42 \| next ›

Discussion Overview

group	pgsql-hackers @
categories	postgresql
posted	Feb 3, '10 at 11:25a
active	Feb 25, '10 at 3:10p
posts	42
users	12
website	postgresql.org...
irc	#postgresql

font	variable	Hotkey: f
user style	avatars	Hotkey: a

[PostgreSQL-Hackers] Recent vendor SSL renegotiation patches break PostgreSQL

Search Discussions

Discussion Posts

Related Discussions

12 users in discussion