On 2015-10-14 18:53:14 +0300, Shay Rojansky wrote: > However, the new situation where some versions of PG allow this parameter > while others bomb when seeing it. Specifically, Npgsql sends > ssl_renegotiation_limit=0 in the startup packet to completely disable > renegotiation. At this early stage it doesn't know yet whether the database > it's connecting to is PG 9.5 or earlier.
I find it a rather debatable practice to send such a parameter unconditionally. Why are you sending it before the connection has even been established? > Is there any chance you'd consider allowing ssl_renegotiation_limit in PG > 9.5, without it having any effect (I think that's the current behavior for > recent 9.4, 9.3, right)? No, you can actually enable renegotiation in those versions, it's just a changed default value. > It may be a good idea to only allow this parameter to be set to zero, > raising an error otherwise. -0.1 from me. Andres -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
