Tom Lane wrote:
Chris Campbell <chris_campbell@mac.com> writes:
Is there a way to detect when the SSL library has renegotiation disabled?
Probably not. The current set of emergency security patches would
certainly not have exposed any new API that would help us tell this :-(

If said patches were done properly they'd have also turned an
application-level renegotiation request into a no-op, instead of
breaking apps by making it fail --- but apparently they were not done
properly.
Yea, and also keep in mind any SSL library checks need to be done at
run-time (because I believe openssl is usually linked as a shared
object), which even further limits our options.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

People

Translate

site design / logo © 2022 Grokbase