Renegotiation should be a best practice. Trouble is it's been broken (at the protocol level) three times in the last few years so it's a massive hole in practice.
Ideally we should leave the renegotiate in, and only remove it if configure detects a broken version of TLS.

Personal email. hbh...@oxy.edu

> On Feb 23, 2015, at 7:01 AM, Albe Laurenz <laurenz.a...@wien.gv.at> wrote:
>
> I'd say it is best to wait if and how OpenSSL change their API when they
> implement TLS 1.3.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)