Robert Haas <robertmh...@gmail.com> writes:
> On Fri, Jun 26, 2015 at 9:59 AM, Andres Freund <and...@anarazel.de> wrote:
>> Generally I'd agree that that is a bad thing. But there's really not
>> much of a observable behaviour change in this case? Except that
>> connections using ssl break less often.
> Well, SSL renegotiation exists for a reason: to improve security.
That was the theory, yes, but the CVEs that have come out of it indicate
that whether it improves security *in practice* is a pretty debatable
topic. The fact that the new TLS draft drops it altogether tells us
something about the conclusion the standards community has arrived at.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
