Tom Lane wrote:
> Chris Campbell <chris_campbell@mac.com> writes:
> > Is there a way to detect when the SSL library has renegotiation disabled?
>
> Probably not. The current set of emergency security patches would
> certainly not have exposed any new API that would help us tell this :-(
>
> If said patches were done properly they'd have also turned an
> application-level renegotiation request into a no-op, instead of
> breaking apps by making it fail --- but apparently they were not done
> properly.
Yea, and also keep in mind any SSL library checks need to be done at
run-time (because I believe openssl is usually linked as a shared
object), which even further limits our options.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +