Re: pgpool ssl handshake failure

On 10/15/2015 06:59 AM, AI Rumman wrote:
> Hi,
>
> I am using pgpool-II version 3.4.3 (tataraboshi).
> Where my database is Postgresql 8.4.

Probably already know, but 8.4 is approximately 1.25 years beyond EOL:

http://www.postgresql.org/support/versioning/

>
> I am trying to configure ssl mode from client and between pgpool and
> database it is non-ssl.

What is non-ssl, the database or pgpool?

> I configured as document and now I am getting this in my log:
>
>     /2015-10-13 22:17:58: pid 1857: LOG:  new connection received
>     //2015-10-13 22:17:58: pid 1857: DETAIL:  connecting host=10.0.0.5
>     port=65326
>     //2015-10-13 22:17:58: pid 1857: LOG:  pool_ssl: "SSL_read": "ssl
>     handshake failure"
>     //2015-10-13 22:17:58: pid 1857: ERROR:  unable to read data from
>     frontend
>     //2015-10-13 22:17:58: pid 1857: DETAIL:  socket read failed with an
>     error "Success"/
>
> Please let me know what wrong I am doing.

Not quite sure but given the below from the 9.5 Release Notes:

"
Remove server configuration parameter ssl_renegotiation_limit, which was
deprecated in earlier releases (Andres Freund)

While SSL renegotiation is a good idea in theory, it has caused enough
bugs to be considered a net negative in practice, and it is due to be
removed from future versions of the relevant standards. We have
therefore removed support for it from PostgreSQL."

I would check to see what  ssl_renegotiation_limit is set to:

http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html

and if it is not set to 0, then try that.


>
> Thanks & Regards.
>


--
Adrian Klaver
adrian.klaver@aklaver.com