Re: PostgreSQL not setting OpenSSL session id context?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Shay Rojansky <roji@roji.org>
Cc: pgsql-hackers@postgresql.org
Date: 2017-07-30T19:59:47Z
Lists: pgsql-hackers
I wrote: > I think what you need to do is tell SslStream not to expect that PG > servers will do session resumption. (I'm a bit astonished that that > would be its default assumption in the first place, but whatever.) Actually, after a bit of further googling, it seems that the brain damage here may be on the server side. It seems that OpenSSL will send a session ticket if requested, even though the surrounding application has given it no means to identify the session (!?). Apparently we need to pass SSL_OP_NO_TICKET to SSL_CTX_set_options to prevent that from happening. regards, tom lane
Commits
-
Disallow SSL session tickets.
- c180d2eb7614 9.2.22 landed
- dda04b9dd1bd 9.3.18 landed
- bebee333c3d2 9.5.8 landed
- b798ea88ac6e 9.6.4 landed
- 97d3a0b0900a 10.0 landed
- 8d05db3d8e0c 9.4.13 landed