2009/11/27 Tom Lane <t...@sss.pgh.pa.us>: > Stefan Kaltenbrunner <ste...@kaltenbrunner.cc> writes: >> Tom Lane wrote: >>> The discussion I saw suggested that you need such a patch at both ends. > >> and likely requires a restart of both postgresql and slony afterwards... > > Actually, after looking through the available info about this: > https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt > I think my comment above is wrong. It is useful to patch the > *server*-side library to reject a renegotiation request. Applying that > patch on the client side, however, is useless and simply breaks things.
I haven't looked into the details but - is there a point for us to remove the requests for renegotiation completely? Will this help those that *haven't* upgraded their openssl library? I realize it's not necessarily our bug to fix, but if we can help.. :) If a patched version of openssl ignores the renegotiation anyway, there's nothing lost if we turn it off in postgresql, is there? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers