Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-28 Thread Andres Freund
On 2015-07-28 18:59:02 +0200, Andres Freund wrote: Unless somebody protests soon I'm going to push something like that after having dinner. Done. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription:

Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-28 Thread Alvaro Herrera
Andres Freund wrote: On 2015-07-28 18:59:02 +0200, Andres Freund wrote: Unless somebody protests soon I'm going to push something like that after having dinner. Done. Yay! -- Álvaro Herrerahttp://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA,

Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-28 Thread Michael Paquier
On Wed, Jul 29, 2015 at 2:00 AM, Andres Freund and...@anarazel.de wrote: On 2015-07-28 18:59:02 +0200, Andres Freund wrote: Attached are: a) a slightly evolved version of Michael's patch disabling renegotiation by default that I'm planning to apply to 9.4 - 9.0 b) a patch removing

Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-12 Thread Michael Paquier
On Sat, Jul 11, 2015 at 9:28 PM, Andres Freund and...@anarazel.de wrote: On 2015-07-11 21:09:05 +0900, Michael Paquier wrote: Something like the patches attached Thanks for that! could be considered, one is for master and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one

Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-11 Thread Michael Paquier
On Fri, Jul 10, 2015 at 7:47 PM, Andres Freund and...@anarazel.de wrote: On 2015-07-01 23:32:23 -0400, Noah Misch wrote: We'd need to be triply confident that we know better than the DBA before removing flexibility in back branches. +1 for just changing the default. I think we do. But I

Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-11 Thread Andres Freund
On 2015-07-11 21:09:05 +0900, Michael Paquier wrote: Something like the patches attached Thanks for that! could be considered, one is for master and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one for ~REL9_4_STABLE to change the default to 0. diff --git

Re: [HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-10 Thread Andres Freund
On 2015-07-01 23:32:23 -0400, Noah Misch wrote: We'd need to be triply confident that we know better than the DBA before removing flexibility in back branches. +1 for just changing the default. I think we do. But I also think that I pretty clearly lost this argument, so let's just change the

[HACKERS] Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

2015-07-01 Thread Noah Misch
On Sat, Jun 27, 2015 at 06:13:36PM +0200, Andres Freund wrote: On 2015-06-27 12:10:49 -0400, Tom Lane wrote: Andres Freund and...@anarazel.de writes: On 2015-06-27 15:07:05 +0900, Michael Paquier wrote: +1 for removing on master and just disabling on back-branches. The problem with