On 02/23/2015 04:01 PM, Albe Laurenz wrote:

>> I think you could remove renegotiation from PostgreSQL as long as you
>> offer something better than RC4 in the TLS handshake.
> 
> I'd say it is best to wait if and how OpenSSL change their API when they
> implement TLS 1.3.
> 
> I'd vote against removing renegotiation.

I'm just suggesting that the effort required to fix bugs in this part of
PostgreSQL could be spent better elsewhere.

> If changing the encryption is so useless, whe did the TLS workgroup
> decide to introduce rekeying as a substitute for renegotiation?

Theoretical considerations, mostly.  If rekeying is strictly required
after processing just a few petabytes, the cipher is severely broken and
should no longer be used.

-- 
Florian Weimer / Red Hat Product Security


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to