Re: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
| От | Andres Freund |
|---|---|
| Тема | Re: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) |
| Дата | |
| Msg-id | 20150711122849.GN26521@alap3.anarazel.de обсуждение исходный текст |
| Ответ на | Re: Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) (Michael Paquier <michael.paquier@gmail.com>) |
| Ответы |
Re: Re: Removing SSL renegotiation (Was: Should we
back-patch SSL renegotiation fixes?)
|
| Список | pgsql-hackers |
On 2015-07-11 21:09:05 +0900, Michael Paquier wrote: > Something like the patches attached Thanks for that! > could be considered, one is for master > and REL9_5_STABLE to remove ssl_renegotiation_limit, the second one for > ~REL9_4_STABLE to change the default to 0. > diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml > index c669f75..16c0ce5 100644 > --- a/doc/src/sgml/config.sgml > +++ b/doc/src/sgml/config.sgml > @@ -1040,7 +1040,7 @@ include_dir 'conf.d' > cryptanalysis when large amounts of traffic can be examined, but it > also carries a large performance penalty. The sum of sent and received > traffic is used to check the limit. If this parameter is set to 0, > - renegotiation is disabled. The default is <literal>512MB</>. > + renegotiation is disabled. The default is <literal>0</>. I think we should put in a warning or at least note about the dangers of enabling it (connection breaks, exposure to several open openssl bugs). Thanks, Andres
В списке pgsql-hackers по дате отправления: