2009/11/27 Tom Lane <[email protected]>: > Stefan Kaltenbrunner <[email protected]> writes: >> Tom Lane wrote: >>> The discussion I saw suggested that you need such a patch at both ends. > >> and likely requires a restart of both postgresql and slony afterwards... > > Actually, after looking through the available info about this: > https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt > I think my comment above is wrong. It is useful to patch the > *server*-side library to reject a renegotiation request. Applying that > patch on the client side, however, is useless and simply breaks things.
I haven't looked into the details but - is there a point for us to remove the requests for renegotiation completely? Will this help those that *haven't* upgraded their openssl library? I realize it's not necessarily our bug to fix, but if we can help.. :) If a patched version of openssl ignores the renegotiation anyway, there's nothing lost if we turn it off in postgresql, is there? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
