Re: Recent vendor SSL renegotiation patches break PostgreSQL
Michael Ledford <mledford@gmail.com>
From: Michael Ledford <mledford@gmail.com>
To: pgsql-hackers@postgresql.org
Date: 2010-02-03T15:55:47Z
Lists: pgsql-hackers
On Wed, Feb 3, 2010 at 10:21 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Bad idea: once set, it'll never get unset, thus leaving installations > with a weakened security posture even after they've installed fixed > versions of openssl. > > regards, tom lane One might argue that the current method is already weakened as it is measured by the amount of data sent instead of of a length of time. A session could live a long time under the 512MB threshold depending on the queries that are being performed. Michael