Обсуждение: Error in PostgreSQL log
PostgreSQL: 8.4.3
I found the following in my error log:
LOG: SSL error: unsafe legacy renegotiation disabled
Anyone have a clue what this means?
Thanks,
Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382
"Campbell, Lance" <lance@illinois.edu> writes: > PostgreSQL: 8.4.3 > I found the following in my error log: > LOG: SSL error: unsafe legacy renegotiation disabled > Anyone have a clue what this means? It means your SSL library is maintained by someone with a clue ;-). It's dealing with CVE-2009-3555 without simply breaking things. However, you might want to update the SSL library at the other end, or if you can't do that you might want to set ssl_renegotiation_limit = 0 to suppress the warning messages. regards, tom lane
Tom, Thanks. Do I add the following to the postgresql.conf file? ssl_renegotiation_limit = 0 Thanks, Lance Campbell Software Architect/DBA/Project Manager Web Services at Public Affairs 217-333-0382 -----Original Message----- From: Tom Lane [mailto:tgl@sss.pgh.pa.us] Sent: Wednesday, April 28, 2010 3:47 PM To: Campbell, Lance Cc: pgsql-admin@postgresql.org Subject: Re: [ADMIN] Error in PostgreSQL log "Campbell, Lance" <lance@illinois.edu> writes: > PostgreSQL: 8.4.3 > I found the following in my error log: > LOG: SSL error: unsafe legacy renegotiation disabled > Anyone have a clue what this means? It means your SSL library is maintained by someone with a clue ;-). It's dealing with CVE-2009-3555 without simply breaking things. However, you might want to update the SSL library at the other end, or if you can't do that you might want to set ssl_renegotiation_limit = 0 to suppress the warning messages. regards, tom lane
"Campbell, Lance" <lance@illinois.edu> writes: > Thanks. Do I add the following to the postgresql.conf file? > ssl_renegotiation_limit = 0 Right. The variable won't be listed in your existing file, likely, because that option is new as of last month's updates. regards, tom lane