Re: PostgreSQL not setting OpenSSL session id context?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Shay Rojansky <roji@roji.org>
Cc: pgsql-hackers@postgresql.org
Date: 2017-07-30T19:17:58Z
Lists: pgsql-hackers
Shay Rojansky <roji@roji.org> writes: > When trying to connect with Npgsql to PostgreSQL with client authentication > (PG has ssl_ca_file set), the first connection works just fine. The second > connection, however, fails and the PostgreSQL logs contain the message > session id context uninitialized". This occurs when using .NET's default > SSL implementation, SslStream, which supports session resumption - the > session connection's ClientHello message contains a session ticket from the > first session, triggering the issue. AFAIK Postgres doesn't support session resumption. If I am correctly understanding what that is supposed to provide, it would require saving all of a backend's internal state on the off chance that somebody would request resuming the session later. I do not think we are going there. The idea makes sense for servers with relatively lightweight per-session state, but that ain't us. I think what you need to do is tell SslStream not to expect that PG servers will do session resumption. (I'm a bit astonished that that would be its default assumption in the first place, but whatever.) regards, tom lane
Commits
-
Disallow SSL session tickets.
- c180d2eb7614 9.2.22 landed
- dda04b9dd1bd 9.3.18 landed
- bebee333c3d2 9.5.8 landed
- b798ea88ac6e 9.6.4 landed
- 97d3a0b0900a 10.0 landed
- 8d05db3d8e0c 9.4.13 landed