Re: Allow ssl_renegotiation_limit in PG 9.5
| От | Tom Lane |
|---|---|
| Тема | Re: Allow ssl_renegotiation_limit in PG 9.5 |
| Дата | |
| Msg-id | 31677.1444844386@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Allow ssl_renegotiation_limit in PG 9.5 (Alvaro Herrera <alvherre@2ndquadrant.com>) |
| Ответы |
Re: Allow ssl_renegotiation_limit in PG 9.5
|
| Список | pgsql-hackers |
Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> Andres Freund wrote:
>> On 2015-10-14 14:19:40 -0300, Alvaro Herrera wrote:
>>> I think we could continue to have the parameter except that it throws an
>>> error if you try to set it to something other than 0.
>> That'll make it hard to ever remove it tho.
> What would you recommend then? Forcing the user to specify the version
> before the connection is established is not nice.
Yeah. I thought about telling Shay to set the variable after establishing
the connection, but there's a problem with that: if the user issues RESET
ALL then his setting would go away. (IIRC, settings established in the
connection packet are considered to be what to reset to; but a SET sent
just after connection would not be.)
The only other alternative is to make a second connection attempt if the
first fails, which is pretty messy.
If we think it's legit for npgsql to try to force renegotiation off,
then we have to give pretty serious consideration to putting the variable
back as Alvaro suggests.
regards, tom lane
В списке pgsql-hackers по дате отправления: