Обсуждение: Error in PostgreSQL log

Поиск
Список
Период
Сортировка

Error in PostgreSQL log

От
"Campbell, Lance"
Дата:

PostgreSQL: 8.4.3

I found the following in my error log:

 

LOG:  SSL error: unsafe legacy renegotiation disabled

 

Anyone have a clue what this means?

 

Thanks,

 

Lance Campbell

Software Architect/DBA/Project Manager

Web Services at Public Affairs

217-333-0382

 

Re: Error in PostgreSQL log

От
Tom Lane
Дата:
"Campbell, Lance" <lance@illinois.edu> writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG:  SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?

It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit = 0
to suppress the warning messages.

            regards, tom lane

Re: Error in PostgreSQL log

От
"Campbell, Lance"
Дата:
Tom,
Thanks.  Do I add the following to the postgresql.conf file?

ssl_renegotiation_limit = 0

Thanks,

Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382

-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Wednesday, April 28, 2010 3:47 PM
To: Campbell, Lance
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Error in PostgreSQL log

"Campbell, Lance" <lance@illinois.edu> writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG:  SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?

It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit =
0
to suppress the warning messages.

            regards, tom lane

Re: Error in PostgreSQL log

От
Tom Lane
Дата:
"Campbell, Lance" <lance@illinois.edu> writes:
> Thanks.  Do I add the following to the postgresql.conf file?
> ssl_renegotiation_limit = 0

Right.  The variable won't be listed in your existing file, likely,
because that option is new as of last month's updates.

            regards, tom lane