Re: BUG #5804: Connection aborted after many queries.
| От | Tom Lane |
|---|---|
| Тема | Re: BUG #5804: Connection aborted after many queries. |
| Дата | |
| Msg-id | 12193.1293640076@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: BUG #5804: Connection aborted after many queries. (Paul Davis <paul.joseph.davis@gmail.com>) |
| Ответы |
Re: BUG #5804: Connection aborted after many queries.
|
| Список | pgsql-bugs |
Paul Davis <paul.joseph.davis@gmail.com> writes:
> And this intriguing error in the server logs from around that time:
> 2010-12-28 18:40:02 EST LOG: SSL renegotiation failure
> 2010-12-28 18:40:02 EST LOG: SSL failed to send renegotiation request
> 2010-12-28 18:40:02 EST LOG: SSL renegotiation failure
> 2010-12-28 18:40:02 EST LOG: SSL error: unsafe legacy renegotiation disabled
> 2010-12-28 18:40:02 EST LOG: could not send data to client:
> Connection reset by peer
> 2010-12-28 18:40:02 EST LOG: SSL error: unsafe legacy renegotiation disabled
> 2010-12-28 18:40:02 EST LOG: could not receive data from client:
> Connection reset by peer
> 2010-12-28 18:40:02 EST LOG: unexpected EOF on client connection
> Googling, I see something that suggests turning off SSL renegotiation
> which I'll try next.
In all cases, you were testing a client against a server on a different
machine, right? This looks to me like you've got two different openssl
libraries, one of which has a bogus partial fix for the recent SSL
renegotiation security issue. I'm not sure what the state of play is
in Apple's shipping version of openssl --- you might have to get an
up-to-date source distribution and compile it yourself to have non-bogus
renegotiation behavior. Or you could just disable renegotiation on the
PG server.
regards, tom lane
В списке pgsql-bugs по дате отправления: