Magnus Hagander writes:
> I haven't looked into the details but - is there a point for us to
> remove the requests for renegotiation completely?
The periodic renegotiations are a recommended security measure.
Fixing one hole by introducing a different attack vector doesn't
seem to me to be an imp
2009/11/27 Tom Lane :
> Stefan Kaltenbrunner writes:
>> Tom Lane wrote:
>>> The discussion I saw suggested that you need such a patch at both ends.
>
>> and likely requires a restart of both postgresql and slony afterwards...
>
> Actually, after looking through the available info about this:
> htt
On Fri, Nov 27, 2009 at 4:58 PM, Tom Lane wrote:
> Stefan Kaltenbrunner writes:
>> Tom Lane wrote:
>>> The discussion I saw suggested that you need such a patch at both ends.
>
>> and likely requires a restart of both postgresql and slony afterwards...
>
> Actually, after looking through the avai
Tom Lane wrote:
> Dave Cramer writes:
>
>> Recently openssl has been patched to not renegotiate keys.
>> http://www.links.org/?p=780
>> After a certain amount of data has gone through a postgresql connection
>> the server will attempt to switch session keys.
>> What is the workaround (if any )
Stefan Kaltenbrunner writes:
> Tom Lane wrote:
>> The discussion I saw suggested that you need such a patch at both ends.
> and likely requires a restart of both postgresql and slony afterwards...
Actually, after looking through the available info about this:
https://svn.resiprocate.org/rep/ietf
Tom Lane wrote:
Dave Cramer writes:
Tom Lane wrote:
Install the updated openssl library. Why are you bugging us about
an openssl patch?
After applying the updated openssl library slony dies, presumably
because the server requests a new session key
The discussion I saw suggested that you
Dave Cramer writes:
> Tom Lane wrote:
>> Install the updated openssl library. Why are you bugging us about
>> an openssl patch?
> After applying the updated openssl library slony dies, presumably
> because the server requests a new session key
The discussion I saw suggested that you need such a
Tom Lane wrote:
> Dave Cramer writes:
>
>> Recently openssl has been patched to not renegotiate keys.
>> http://www.links.org/?p=780
>> After a certain amount of data has gone through a postgresql connection
>> the server will attempt to switch session keys.
>> What is the workaround (if any )
Dave Cramer writes:
> Recently openssl has been patched to not renegotiate keys.
> http://www.links.org/?p=780
> After a certain amount of data has gone through a postgresql connection
> the server will attempt to switch session keys.
> What is the workaround (if any ) to avoid this in postgresql