Re: SSL Renegotiation failure

2014-06-10 Thread Mithun Kumar
Thanks Raheeda, So you say this is a bug in PostgreSQL and from version 9.3 and above works fine? Do you have any links which speak on this?

On Wed, Jun 4, 2014 at 3:34 PM, Rahila Syed wrote:
> Hello,
>
> SSL renegotiation is error prone in PostgreSQL version 9.3 and below.
> You can either upgra

RE: SSL Renegotiation failure

2014-06-05 Thread Salz, Rich
It must therefore be that the *other side* is trying to do unsafe renegotiation. Someone posted a note about Postgres issues, IIRC.

/r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz

Re: SSL Renegotiation failure

2014-06-05 Thread Kyle Hamilton
You must ensure that the option is set, not cleared.

-Kyle H

On Wed, Jun 4, 2014 at 11:37 PM, Mithun Kumar wrote:
> Thanks for the reply.
>
> I am currently resetting the below flag by resetting using
> SSL_CTX_clear_options(). Still the handshake fails.
>
> SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTI

Re: SSL Renegotiation failure

2014-06-04 Thread Mithun Kumar
Thanks for the reply.

I am currently resetting the below flag by resetting using SSL_CTX_clear_options(). Still the handshake fails.

SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

Any inputs?

On Wed, Jun 4, 2014 at 6:57 PM, Salz, Rich wrote:
> > Can you please elaborate?
>
> One si

Re: SSL Renegotiation failure

2014-06-04 Thread Rahila Syed
Hello,

SSL renegotiation is error prone in PostgreSQL version 9.3 and below. You can either upgrade your PostgreSQL server or, as a workaround, if network security is not your major concern, the SSL renegotiation parameter can be switched off to avoid connection lost errors due to SSL renegotiation.

RE: SSL Renegotiation failure

2014-06-04 Thread Salz, Rich
> Can you please elaborate?

One side of your connection, and it could be either the client or the server, is doing the old-style (OpenSSL calls it LEGACY) renegotiation and the other side is rejecting it. One use for renegotiation is to get a client cert, for example. For information about

Re: SSL Renegotiation failure

2014-06-03 Thread Mithun Kumar
Hi Rich,

Can you please elaborate?

-Thanks

On Tue, Jun 3, 2014 at 6:47 PM, Salz, Rich wrote:
> > 2014-06-03 07:12:05 EDT LOG: SSL error: unsafe legacy renegotiation disabled
>
> Somebody has an outdated implementation that doesn’t do secure
> renegotiation. Google search.

RE: SSL Renegotiation failure

2014-06-03 Thread Salz, Rich
> 2014-06-03 07:12:05 EDT LOG: SSL error: unsafe legacy renegotiation disabled

Somebody has an outdated implementation that doesn’t do secure renegotiation. Google search.

/r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me

SSL Renegotiation failure

2014-06-03 Thread Mithun Kumar
Hi,

Currently I am working on a scenario where the client uses OpenSSL for connecting to a PostgreSQL server. There is a flag in the server which invokes SSL renegotiation after a certain amount of data is transferred. Connection terminates as part of SSL_read() with Errno = 10054 ( (An existing connection was