Re: Should we back-patch SSL renegotiation fixes?

On 2015-06-24 11:57:53 -0400, Peter Eisentraut wrote:
> On 6/23/15 2:33 PM, Tom Lane wrote:
> > I do not know at this point whether these behaviors are really the same
> > bug or not, but I wonder whether it's time to consider back-patching the
> > renegotiation fixes we did in 9.4.
> 
> If Red Hat fixes their bug, then PostgreSQL doesn't have any actual
> problem anymore, does it?

It does, there are numerous bugs around renegotiation that exist with
upstream openssl and postgres. More in the older branches, but even in
HEAD we break regularly. Most only occur in replication connections (due
to copy both) and/or when using more complex clients where clients and
servers send data at the same time due to pipelining.

Greetings,

Andres Freund