2010/2/22 Chris Campbell <chris_campbell@mac.com>:
On Feb 22, 2010, at 12:25 PM, Tom Lane wrote:

I think we already missed the window where it would have been sensible
to install a hack workaround for this.  If we'd done that in November
it might have been reasonable, but by now it's too late for any hack
we install to spread much faster than fixed openssl libraries.
Could we simply ignore renegotiation errors? Or change them to warnings? That may enable us to work with the semi-fixed OpenSSL libraries that are currently in the field, without disabling the functionality altogether.
I guess we could, but if we do that then we've opened a window where
someone can attack us if we *have* a properly working openssl, haven't
we?

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

People

Translate

site design / logo © 2022 Grokbase