Re: SSL renegotiation

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: Alvaro Herrera <alvherre@2ndquadrant.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Andres Freund <andres@2ndquadrant.com>, Robert Haas <robertmhaas@gmail.com>, Magnus Hagander <magnus@hagander.net>, Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2014-08-26T04:35:33Z
Lists: pgsql-hackers
On Mon, Aug 25, 2014 at 11:46:13PM -0400, Alvaro Herrera wrote:
> Tom Lane wrote:
> > OK, then maybe end-of-beta is too long.  But how much testing will it get
> > during development?  I know I never use SSL on development installs.
> > How many hackers do?
> 
> Just a reminder that I intend to backpatch this (and subsequent fixes).
> We've gone over two 9.4 betas now.  Maybe it'd be a good thing if the
> beta3 announcement carried a note about enabling SSL with a low
> ssl_renegotiation_limit setting.

To elaborate on my private comments of 2013-10-11, I share Robert's
wariness[1] concerning the magic number of 1024 bytes of renegotiation
headroom.  Use of that number predates your work, but your work turned
exhaustion of that headroom into a FATAL error.  Situations where the figure
is too small will become disruptive, whereas the problem is nearly invisible
today.  Network congestion is a factor, so the lack of complaints during beta
is relatively uninformative.  Disabling renegotiation is a quick workaround,
fortunately, but needing to use that workaround will damage users' fragile
faith in the safety of our minor releases.

My recommendation is to either keep this 9.4-only or do focused load testing
to determine the actual worst-case headroom requirement.

[1] http://www.postgresql.org/message-id/CA+TgmoZVGmyZLx7e4ARq_5nu4uDeN7wrvg1xJXg_o9c61CHu3g@mail.gmail.com


Commits

  1. Well, the discussion about SSL a bit back perked my interest and I did