Re: SSL renegotiation
Andres Freund <andres@2ndquadrant.com>
From: Andres Freund <andres@2ndquadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>,
Robert Haas <robertmhaas@gmail.com>, Magnus Hagander <magnus@hagander.net>,
Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2013-11-15T16:05:29Z
Lists: pgsql-hackers
On 2013-11-15 10:58:19 -0500, Tom Lane wrote: > Andres Freund <andres@2ndquadrant.com> writes: > > On 2013-11-15 10:43:23 -0500, Tom Lane wrote: > >> Another reason I'm not in a hurry is that the problem we're trying > >> to solve doesn't seem to be causing real-world trouble. So by > >> "awhile", I'm thinking "let's let it get through 9.4 beta testing". > > > Well, there have been a bunch of customer complaints about it, afair > > that's what made Alvaro look into it in the first place. So it's not a > > victimless bug. > > OK, then maybe end-of-beta is too long. But how much testing will it get > during development? I know I never use SSL on development installs. > How many hackers do? I guess few. And even fewer will actually have connections that live long enough to experience renegotiations :/. I wonder how hard it'd be to rig the buildfarm code to generate ssl certificates and use them during installcheck. If we'd additionally set a low renegotiation limit... Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
Commits
-
Well, the discussion about SSL a bit back perked my interest and I did
- 17386ac45345 7.4.1 cited