On 07/31/2017 02:27 PM, Heikki Linnakangas wrote:
Rebased patch attached, with proposed release notes included. Barring
new objections or arguments, I'll commit this (only) to v10 later today.
Ok, committed for v10. Thanks Nicolas and Damien, and everyone else
involved!
- Heikki
--
Sent
On 07/13/2017 11:07 PM, Heikki Linnakangas wrote:
On 07/13/2017 10:13 PM, Robert Haas wrote:
On Thu, Jul 13, 2017 at 1:30 PM, Tom Lane wrote:
Heikki Linnakangas writes:
I don't think this can be backpatched. It changes the default DH
parameters from 1024
On 07/13/2017 10:13 PM, Robert Haas wrote:
On Thu, Jul 13, 2017 at 1:30 PM, Tom Lane wrote:
Heikki Linnakangas writes:
I don't think this can be backpatched. It changes the default DH
parameters from 1024 bits to 2048 bits. That's a good thing for
On Thu, Jul 13, 2017 at 1:30 PM, Tom Lane wrote:
> Heikki Linnakangas writes:
>> I don't think this can be backpatched. It changes the default DH
>> parameters from 1024 bits to 2048 bits. That's a good thing for
>> security, but older clients might not
Heikki Linnakangas writes:
> I don't think this can be backpatched. It changes the default DH
> parameters from 1024 bits to 2048 bits. That's a good thing for
> security, but older clients might not support it, and would refuse to
> connect or would fall back to something
On 07/13/2017 01:07 PM, Simon Riggs wrote:
> On 13 July 2017 at 16:32, Heikki Linnakangas wrote:
>> (We dropped the ball back in October, continuing the discussion now)
>>
>> On 10/10/2016 06:24 PM, Heikki Linnakangas wrote:
>>>
>>> On 10/06/2016 10:26 PM, Christoph Berg wrote:
On 07/13/2017 08:04 PM, Alvaro Herrera wrote:
Michael Paquier wrote:
On Thu, Jul 13, 2017 at 5:32 PM, Heikki Linnakangas wrote:
Objections to committing this now, instead of waiting for v11?
But I am -1 for the sneak part. It is not the time to have a new
feature in 10,
Re: Alvaro Herrera 2017-07-13 <20170713170402.74uuoivrgd3c6tnw@alvherre.pgsql>
> > > Objections to committing this now, instead of waiting for v11?
> >
> > But I am -1 for the sneak part. It is not the time to have a new
> > feature in 10, the focus is to stabilize.
>
> But if we were treating
On 13 July 2017 at 16:32, Heikki Linnakangas wrote:
> (We dropped the ball back in October, continuing the discussion now)
>
> On 10/10/2016 06:24 PM, Heikki Linnakangas wrote:
>>
>> On 10/06/2016 10:26 PM, Christoph Berg wrote:
>>>
>>> Re: Heikki Linnakangas 2016-10-06
>>>
Michael Paquier wrote:
> On Thu, Jul 13, 2017 at 5:32 PM, Heikki Linnakangas wrote:
> > Objections to committing this now, instead of waiting for v11?
>
> But I am -1 for the sneak part. It is not the time to have a new
> feature in 10, the focus is to stabilize.
But if we
On Thu, Jul 13, 2017 at 5:32 PM, Heikki Linnakangas wrote:
> I rebased the patch, did some other clean up of error reporting, and added a
> GUC along those lines, as well as docs. How does this look?
>
> It's late in the release cycle, but it would be nice to sneak this into v10.
(We dropped the ball back in October, continuing the discussion now)
On 10/10/2016 06:24 PM, Heikki Linnakangas wrote:
On 10/06/2016 10:26 PM, Christoph Berg wrote:
Re: Heikki Linnakangas 2016-10-06
I propose the attached patch. It gives up on
06.10.2016, 16:52, Heikki Linnakangas kirjoitti:
I propose the attached patch. It gives up on trying to deal with
multiple key lengths (as noted earlier, OpenSSL just always passed
keylength=1024, so that was useless). Instead of using the callback, it
just sets fixed DH parameters with
On 10/06/2016 10:26 PM, Christoph Berg wrote:
Re: Heikki Linnakangas 2016-10-06
I propose the attached patch. It gives up on trying to deal with multiple
key lengths (as noted earlier, OpenSSL just always passed keylength=1024, so
that was useless).
Re: Heikki Linnakangas 2016-10-06
> I propose the attached patch. It gives up on trying to deal with multiple
> key lengths (as noted earlier, OpenSSL just always passed keylength=1024, so
> that was useless). Instead of using the callback, it just
On 10/05/2016 09:57 PM, Heikki Linnakangas wrote:
On 10/05/2016 05:15 PM, Nicolas Guini wrote:
We are working with Postgres 9.3.14 and executing nmap we
found that it is using “weak DH group” (nmap –script ssl-dh-params). Weak =
1024 bits.
Yeah, it seems that we're a bit
On 10/05/2016 05:15 PM, Nicolas Guini wrote:
We are working with Postgres 9.3.14 and executing nmap we
found that it is using “weak DH group” (nmap –script ssl-dh-params). Weak =
1024 bits.
Yeah, it seems that we're a bit behind the times on this...
This issue is similar
Hello everyone,
I sent few days ago to the security DL a mail reporting a vulnerability in
how Postgres is requesting DH params to be used later for encryption
algorithms. So, due to there is no problem sharing with this group, here is
what I sent:
18 matches
Mail list logo