On Thu, 2008-12-04 at 17:57 +0900, Fujii Masao wrote:
> On Wed, Dec 3, 2008 at 3:38 PM, Fujii Masao <masao.fujii@gmail.com> wrote:
> >>> > Do we need to worry about periodic
> >>> > renegotiation of keys in be-secure.c?
> >>>
> >>> What is "keys" you mean?
> >>
> >> See the notes in that file for explanation.
> >
> > Thanks! I would check it.
>
> The key is used only when we use SSL for the connection of
> replication. As far as I examined, secure_write() renegotiates
> the key if needed. Since walsender calls secure_write() when
> sending the WAL to the standby, the key is renegotiated
> periodically. So, I think that we don't need to worry about the
> obsolescence of the key.
Understood. Is the periodic renegotiation of keys something that would
interfere with the performance or robustness of replication? Is the
delay likely to effect sync rep? I'm just checking we've thought about
it.
-- Simon Riggs www.2ndQuadrant.comPostgreSQL Training, Services and Support