-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christoph,
Thnx by your response. We use PosgreSQL 9.1 and OpenSSL 1.0.1e (Debian Wheezy, full details in the attachment). On 23/09/15 11:27, Christoph Berg wrote: > Control: tags -1 moreinfo > > Re: Iñigo Belamendia 2015-09-21 <[email protected]> >> From last monday (Sep 14) our OpenSIPS (1.11.5) dies after a >> restart. The process starts but after few seconds (10") it goes >> down. First connections bind correctly but the next ones are >> rejected. OpenSIPS and PostgreSQL are instaled in diferent vm's. >> >> * What led up to the situation? libpq5 package upgrade executed >> on last monday (Sep 14) >> >> * What exactly did you do (or not do) that was effective (or >> ineffective)? 1. Restoring version 9.1.16-0+deb7u2 # apt-get >> install libpq5=9.1.16-0+deb7u2 2. granting no-ssl conections in >> pg_hba.conf Any of the above (1 or 2) fix the problem > > Hi Iñigo, > > which PostgreSQL server version are you running on the other side > of that libpq connection? (package, OS, and openssl versions > please) > > There was a change between libpq 9.1.16 and .17 to update the TLS > versions supported: > > commit 2c2c5f0e02b58d225385f5008fb797a90935cb06 Author: Tom Lane > <[email protected]> Date: Thu May 21 20:41:55 2015 -0400 > > Back-patch libpq support for TLS versions beyond v1. > > Since 7.3.2, libpq has been coded in such a way that the only SSL > protocol it would allow was TLS v1. That approach is looking > increasingly obsolete. In commit 820f08cabdcbb899 we fixed it to > allow TLS >= v1, but did not back-patch the change at the time, > partly out of caution and partly because the question was confused > by a contemporary server-side change to reject the now-obsolete SSL > protocol v3. 9.4 has now been out long enough that it seems safe > to assume the change is OK; hence, back-patch into 9.0-9.3. > > (I also chose to back-patch some relevant comments added by commit > 326e1d73c476a0b5, but did *not* change the server behavior; hence, > pre-9.4 servers will continue to allow SSL v3, even though no > remotely modern client will request it.) > > Per gripe from Jan Bilek. > > Christoph > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJWAoMQAAoJENZRGqpRVg16lxkQAK1W9bGbzRRVhJQkVC/YP/q4 tZiASggHE7jkdUfY8VmGJSWWKtor2hApaAZVpXWfSDPeU0BZzbUslXK1A7CyvJQQ Gs5dy8XeAz58r+4COxnCDEHQ0E8W7QRA9x9gD1c8b/AFUDz9swhrRbPKshH9l47T bGtJkws8ZaE4YtI6iQ0IsKutPhRqjrsdzmj/wB8iR/nshlH2r1HdXqA82gRUEI7l eFhhh8Q3PNdP9oyxNJFwbzHHbb1EMM70skHlBGC5IJgjm9PKeau7EheSTZHYZoVQ LxEGHzE1ZYYslUCH7K+lyU/ANEQdByTQXgUWouHMHLDvqeeYoiHTKQYLYP2H0t0b kyB0PwQUzPw1tbf0YcGNAZGsqYqv2FCwa447AEIK2ERWQMmaFAjHj0U/w1ScWDXB IFIiaewnj1O/OLE/fZ7cUBTJ122kcGqpPrqg2Pw/ClC6a2JeamkC8baCkWIfZVwb eLG1/aJYQFNt/RkAZWNZNy6hzRLRtDxXP3ntdaVAfMoA8cFRKrRB9hTY3leSFBUx y9TxBrRjPTVSpKcBdCnpR8FgFGAdIioHAP+lpTa50iisrudrsigj5b9e2tXf/4ih lQYnN4d1wyr01Wcs3eI+TVnY3O5Ic09C5BUU6VjTtoAPKrqkG6KUKCKAf5s5Ouri WvK49kia/WMbDEns7PWI =id+H -----END PGP SIGNATURE-----
root@dbserver:~# uname -a
Linux dbserver 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u4 x86_64 GNU/Linux
root@dbserver:~# cat /etc/debian_version
7.9
root@dbserver:~# dpkg --list 'postgres*'
Deseado=Desconocido/Instalar/Eliminar/Purgar/Retener
|
Estado=No/Instalado/Config-files/Desempaquetado/Medio-conf/Medio-inst/espera-disparo/pendiente-disparo
|/ Err?=(ninguno)/Requiere-reinst (Estado,Err: mayúsc.=malo)
||/ Nombre Versión Arquitectura
Descripción
+++-======================================-========================-========================-=================================================================================
ii postgresql 9.1+134wheezy4 all
object-relational SQL database (supported version)
un postgresql-7.4 <ninguna>
(no hay ninguna descripción disponible)
un postgresql-8.0 <ninguna>
(no hay ninguna descripción disponible)
ii postgresql-9.1 9.1.18-0+deb7u1 amd64
object-relational SQL database, version 9.1 server
ii postgresql-9.1-plsh 1.3-5 amd64
PL/sh procedural language for PostgreSQL 9.1
un postgresql-client <ninguna>
(no hay ninguna descripción disponible)
ii postgresql-client-9.1 9.1.18-0+deb7u1 amd64
front-end programs for PostgreSQL 9.1
ii postgresql-client-common 134wheezy4 all
manager for multiple PostgreSQL client versions
ii postgresql-common 134wheezy4 all
PostgreSQL database-cluster manager
ii postgresql-contrib 9.1+134wheezy4 all
additional facilities for PostgreSQL (supported version)
ii postgresql-contrib-9.1 9.1.18-0+deb7u1 amd64
additional facilities for PostgreSQL
un postgresql-dev <ninguna>
(no hay ninguna descripción disponible)
un postgresql-doc-9.1 <ninguna>
(no hay ninguna descripción disponible)
un postgresql-plpython-9.1 <ninguna>
(no hay ninguna descripción disponible)
root@dbserver:~# dpkg --list 'openssl*'
Deseado=Desconocido/Instalar/Eliminar/Purgar/Retener
|
Estado=No/Instalado/Config-files/Desempaquetado/Medio-conf/Medio-inst/espera-disparo/pendiente-disparo
|/ Err?=(ninguno)/Requiere-reinst (Estado,Err: mayúsc.=malo)
||/ Nombre
Versión Arquitectura
Descripción
+++-=======================================================================-========================================-========================================-====================================================================================
ii openssl
1.0.1e-2+deb7u17 amd64
Secure Socket Layer (SSL) binary and related cryptographic tools
un openssl-blacklist
<ninguna>
(no hay ninguna descripción disponible)
799663.txt.sig
Description: PGP signature
_______________________________________________ Pkg-postgresql-public mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
