Re: TLS session tickets disabled?
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Cameron Vogt <cvogt@automaticcontrols.net>,
Tom Lane <tgl@sss.pgh.pa.us>,
"pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2024-08-16T08:11:32Z
Lists: pgsql-bugs
Attachments
- fix.diff (application/octet-stream) patch
> On 15 Aug 2024, at 21:33, Daniel Gustafsson <daniel@yesql.se> wrote: > >> On 15 Aug 2024, at 19:52, Jacob Champion <jacob.champion@enterprisedb.com> wrote: >> >> On Thu, Aug 15, 2024 at 10:36 AM Cameron Vogt >> <cvogt@automaticcontrols.net> wrote: >>> I don't know enough about TLS handshakes and session tickets to know where the bug truly lies (PostgreSQL/OpenSSL vs .NET's SslStream). >> >> I'm getting the feeling that this is our bug, and that we should be >> using both SSL_OP_NO_TICKET (for TLSv1.2) and SSL_CTX_set_num_tickets >> (for TLSv1.3). I don't see any indication in the docs or source that >> the latter does anything for 1.2. > > Thanks for copying me, I have been on vacation and had missed this thread. It > does indeed have the smell of me messing up when reading the OpenSSL docs =( The attached, backpatched all the way, should be the correct fix. Sorry for the mess =( -- Daniel Gustafsson
Commits
-
Fix regression in TLS session ticket disabling
- f925b7f65d49 13.17 landed
- cd98a142cb37 12.21 landed
- 9333174af475 16.5 landed
- 8cea8c023edf 14.14 landed
- 4fdb6558c270 18.0 landed
- 23c200940eae 15.9 landed
- 19021d28cdf0 17.0 landed