Re: Recent vendor SSL renegotiation patches break PostgreSQL

Michael Ledford <mledford@gmail.com>

From: Michael Ledford <mledford@gmail.com>
To: pgsql-hackers@postgresql.org
Date: 2010-02-03T15:55:47Z
Lists: pgsql-hackers
On Wed, Feb 3, 2010 at 10:21 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Bad idea: once set, it'll never get unset, thus leaving installations
> with a weakened security posture even after they've installed fixed
> versions of openssl.
>
>                        regards, tom lane

One might argue that the current method is already weakened as it is
measured by the amount of data sent instead of of a length of time. A
session could live a long time under the 512MB threshold depending on
the queries that are being performed.

Michael