Control: tags -1 moreinfo Re: Iñigo Belamendia 2015-09-21 <55ffdeb8.7040...@enigmedia.es> > From last monday (Sep 14) our OpenSIPS (1.11.5) dies after a restart. > The process starts but after few seconds (10") it goes down. First > connections bind correctly but the next ones are rejected. OpenSIPS > and PostgreSQL are instaled in diferent vm's. > > * What led up to the situation? > libpq5 package upgrade executed on last monday (Sep 14) > > * What exactly did you do (or not do) that was effective (or ineffective)? > 1. Restoring version 9.1.16-0+deb7u2 > # apt-get install libpq5=9.1.16-0+deb7u2 > 2. granting no-ssl conections in pg_hba.conf > Any of the above (1 or 2) fix the problem
Hi Iñigo, which PostgreSQL server version are you running on the other side of that libpq connection? (package, OS, and openssl versions please) There was a change between libpq 9.1.16 and .17 to update the TLS versions supported: commit 2c2c5f0e02b58d225385f5008fb797a90935cb06 Author: Tom Lane <t...@sss.pgh.pa.us> Date: Thu May 21 20:41:55 2015 -0400 Back-patch libpq support for TLS versions beyond v1. Since 7.3.2, libpq has been coded in such a way that the only SSL protocol it would allow was TLS v1. That approach is looking increasingly obsolete. In commit 820f08cabdcbb899 we fixed it to allow TLS >= v1, but did not back-patch the change at the time, partly out of caution and partly because the question was confused by a contemporary server-side change to reject the now-obsolete SSL protocol v3. 9.4 has now been out long enough that it seems safe to assume the change is OK; hence, back-patch into 9.0-9.3. (I also chose to back-patch some relevant comments added by commit 326e1d73c476a0b5, but did *not* change the server behavior; hence, pre-9.4 servers will continue to allow SSL v3, even though no remotely modern client will request it.) Per gripe from Jan Bilek. Christoph -- c...@df7cb.de | http://www.df7cb.de/
signature.asc
Description: PGP signature
_______________________________________________ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public