On Feb 3, 2010, at 10:16 AM, Stefan Kaltenbrunner wrote:
> Robert Haas wrote:
>> On Wed, Feb 3, 2010 at 6:24 AM, Chris Campbell <[email protected]> wrote:
>>> The flurry of patches that vendors have recently been making to OpenSSL to
>>> address the potential man-in-the-middle attack during SSL renegotiation
>>> have disabled SSL renegotiation altogether in the OpenSSL libraries.
>>> Applications that make use of SSL renegotiation, such as PostgreSQL, start
>>> failing.
>> Should we think about adding a GUC to disable renegotiation until this
>> blows over?
>
> Hmm, I wonder if we should not go as far as removing the whole renegotiation
> code; from the field it seems that there are very, very few daemons actually
> doing that kind of forced renegotiation.

There was a discussion about the relevance and consequences of SSL
renegotiation on this list back in 2003:

http://archives.postgresql.org/pgsql-interfaces/2003-04/msg00075.php

Personally, my production servers have been patched to remove renegotiation
completely, and I’m comfortable with the consequences of that for my usage.

- Chris