Re: SSL renegotiation

On Tue, Oct 1, 2013 at 9:16 AM, Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
> Since back branches releases are getting closer, I would like to push
> this to all supported branches.  To avoid a compatibility nightmare in
> case the new die-on-delayed-renegotiation behavior turns out not to be
> so great, I think it would be OK to set the error level to WARNING in
> all branches but master (and reset the byte count, to avoid filling the
> log).  I would also add a CONTEXT line with the current counter value
> and the configured limit, and a HINT to report to pg-hackers.  That way
> we will hopefully have more info on problems in the field.
>
> Anybody opposed to this?

Yes, warning suck.  If things just failed, users would fix them, but
instead they fill up their hard disk, and then things fail much later,
usually when they are asleep in bed.

If we can't feel comfortable with an ERROR, let's not do it at all.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company