I wrote:
> I think what you need to do is tell SslStream not to expect that PG
> servers will do session resumption.  (I'm a bit astonished that that
> would be its default assumption in the first place, but whatever.)

Actually, after a bit of further googling, it seems that the brain
damage here may be on the server side.  It seems that OpenSSL will
send a session ticket if requested, even though the surrounding
application has given it no means to identify the session (!?).
Apparently we need to pass SSL_OP_NO_TICKET to SSL_CTX_set_options
to prevent that from happening.

                        regards, tom lane

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to