On Wed, Feb 3, 2010 at 11:52 AM, Michael Ledford wrote:
On Wed, Feb 3, 2010 at 11:09 AM, Tom Lane wrote:
Renegotiation after X amount of data is the recommended method AFAIK,
because it limits the volume of data available to cryptanalysis.
What makes you think that elapsed time is relevant at all?
You are correct. In that volume of data also matters. It depends on
what kind of attack you are trying to minimize here. In my particular
use case I fluctuate between idle and busy but mostly low bandwidth.

You have four different primary cases that you are possible:
This may all be true, but I think we're getting off track. If we
force ANY negotiation (whether based on time or bytes transferred), we
will, apparently, break things. So I think that means we should have
a way to disable that behavior, for fear of dissuading people from
using SSL (or PostgreSQL) altogether, or hacking their own copies of
the source in ways that may be even uglier.


Search Discussions

Discussion Posts


Follow ups

Related Discussions



site design / logo © 2023 Grokbase