On June 24, 2015 9:07:35 PM GMT+02:00, Peter Eisentraut <pete...@gmx.net> wrote:
>On 6/24/15 12:26 PM, Tom Lane wrote:
>> Andres Freund <and...@anarazel.de> writes:
>>> On 2015-06-24 11:57:53 -0400, Peter Eisentraut wrote:
>>>> If Red Hat fixes their bug, then PostgreSQL doesn't have any actual
>>>> problem anymore, does it?
>>
>>> It does, there are numerous bugs around renegotiation that exist with
>>> upstream openssl and postgres. More in the older branches, but even in
>>> HEAD we break regularly. Most only occur in replication connections (due
>>> to copy both) and/or when using more complex clients where clients and
>>> servers send data at the same time due to pipelining.
>>
>> The lesson to learn from the Red Hat fiasco is that vendors are not
>> adequately testing renegotiation either. All the more reason to get
>> out from under it. I did not like being told that "Postgres fails and
>> $randomapp doesn't, therefore it's Postgres' problem" when actually
>> the difference was that $randomapp doesn't invoke renegotiation.
>
>I'm fine with removing renegotiation. But the original proposal was to
>backpatch renegotiation changes, which seemed like replacing one problem
>variation with another, and does not sound comfortable given recent
>backpatching record.

Meh. The relevant branches already exist, as you can disable it today. We could also just change the default in the back branches.

---
Please excuse brevity and formatting - I am writing this on my mobile phone.