I wrote:
> I think what you need to do is tell SslStream not to expect that PG
> servers will do session resumption.  (I'm a bit astonished that that
> would be its default assumption in the first place, but whatever.)

Actually, after a bit of further googling, it seems that the brain
damage here may be on the server side.  It seems that OpenSSL will
send a session ticket if requested, even though the surrounding
application has given it no means to identify the session (!?).
Apparently we need to pass SSL_OP_NO_TICKET to SSL_CTX_set_options
to prevent that from happening.

                        regards, tom lane

