On Wed, Feb 3, 2010 at 11:52 AM, Michael Ledford wrote:
On Wed, Feb 3, 2010 at 11:09 AM, Tom Lane wrote:
Renegotiation after X amount of data is the recommended method AFAIK,
because it limits the volume of data available to cryptanalysis.
What makes you think that elapsed time is relevant at all?
You are correct. In that volume of data also matters. It depends on
what kind of attack you are trying to minimize here. In my particular
use case I fluctuate between idle and busy but mostly low bandwidth.

You have four different primary cases that you are possible:
This may all be true, but I think we're getting off track. If we
force ANY negotiation (whether based on time or bytes transferred), we
will, apparently, break things. So I think that means we should have
a way to disable that behavior, for fear of dissuading people from
using SSL (or PostgreSQL) altogether, or hacking their own copies of
the source in ways that may be even uglier.

...Robert

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

People

Translate

site design / logo © 2022 Grokbase