On 02/23/2015 04:01 PM, Albe Laurenz wrote:

>> I think you could remove renegotiation from PostgreSQL as long as you
>> offer something better than RC4 in the TLS handshake.
>
> I'd say it is best to wait if and how OpenSSL change their API when they
> implement TLS 1.3.
>
> I'd vote against removing renegotiation.

I'm just suggesting that the effort required to fix bugs in this part of PostgreSQL could be spent better elsewhere.

> If changing the encryption is so useless, why did the TLS workgroup
> decide to introduce rekeying as a substitute for renegotiation?

Theoretical considerations, mostly. If rekeying is strictly required after processing just a few petabytes, the cipher is severely broken and should no longer be used.

--
Florian Weimer / Red Hat Product Security