On 2015-07-11 21:09:05 +0900, Michael Paquier wrote:
> Something like the patches attached
Thanks for that!
> could be considered, one is for master
> and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one for
> ~REL9_4_STABLE to change the default to 0.
> diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
> index c669f75..16c0ce5 100644
> --- a/doc/src/sgml/config.sgml
> +++ b/doc/src/sgml/config.sgml
> @@ -1040,7 +1040,7 @@ include_dir 'conf.d'
> cryptanalysis when large amounts of traffic can be examined, but it
> also carries a large performance penalty. The sum of sent and received
> traffic is used to check the limit. If this parameter is set to 0,
> - renegotiation is disabled. The default is <literal>512MB</>.
> + renegotiation is disabled. The default is <literal>0</>.
I think we should put in a warning or at least note about the dangers of
enabling it (connection breaks, exposure to several open openssl bugs).
Thanks,
Andres