On Mon, Aug 25, 2014 at 11:46:13PM -0400, Alvaro Herrera wrote: > Tom Lane wrote: > > OK, then maybe end-of-beta is too long. But how much testing will it get > > during development? I know I never use SSL on development installs. > > How many hackers do? > > Just a reminder that I intend to backpatch this (and subsequent fixes). > We've gone over two 9.4 betas now. Maybe it'd be a good thing if the > beta3 announcement carried a note about enabling SSL with a low > ssl_renegotiation_limit setting.
To elaborate on my private comments of 2013-10-11, I share Robert's wariness[1] concerning the magic number of 1024 bytes of renegotiation headroom. Use of that number predates your work, but your work turned exhaustion of that headroom into a FATAL error. Situations where the figure is too small will become disruptive, whereas the problem is nearly invisible today. Network congestion is a factor, so the lack of complaints during beta is relatively uninformative. Disabling renegotiation is a quick workaround, fortunately, but needing to use that workaround will damage users' fragile faith in the safety of our minor releases. My recommendation is to either keep this 9.4-only or do focused load testing to determine the actual worst-case headroom requirement. [1] http://www.postgresql.org/message-id/ca+tgmozvgmyzlx7e4arq_5nu4uden7wrvg1xjxg_o9c61ch...@mail.gmail.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
