2010/2/22 Chris Campbell <chris_campb...@mac.com>: > On Feb 22, 2010, at 12:25 PM, Tom Lane wrote: > >> I think we already missed the window where it would have been sensible >> to install a hack workaround for this. If we'd done that in November >> it might have been reasonable, but by now it's too late for any hack >> we install to spread much faster than fixed openssl libraries. > > Could we simply ignore renegotiation errors? Or change them to warnings? That > may enable us to work with the semi-fixed OpenSSL libraries that are > currently in the field, without disabling the functionality altogether.
I guess we could, but if we do that then we've opened a window where someone can attack us if we *have* a properly working openssl, haven't we? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
