The following bug has been logged on the website:
Bug reference: 12769
Logged by: Arne Scheffer
Email address: pilum.70@uni-muenster.de
PostgreSQL version: 9.3.6
Operating system: CentOS6, openssl version OpenSSL 1.0.1e-fips
Description:
I get ssl renegotiation failures with streaming standbys. Sometimes the
connection breaks and is reconnected afterwards. However, if I use
pg_basebackup (same libpq connection string), I don't get any of these
failures, although the transferred data is far beyond 512 MB.
So I don't think it's the
ssl renegotiation bug (openssl of a yum update patched centos6).
If I disable ssl_renegotiation_limit to 0, there are no errors any more,
but that is only a workaround, no solution.
Steps to reproduce with testdata:
Tested on patched centos6, PostgreSQL 9.3.6
bash-4.1$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
Install Repository
yum install postgresql93 postgresql93-server postgresql93-contrib postgresql93-devel postgresql93-libs
/usr/pgsql-9.3/bin/initdb -D /tmp/data1
Not necessary but comfortable: create two postgresql-93test Init-Scripts
(cp /etc/init.d/postgresql-9.3 postgresql-93test)
- changing data-Directory to /tmp/data1 and /tmp/data2
- changing PGPORT to yourport and yourport2
Start server in data1
On server in data1:
create user replicateme with replication encrypted password 'insecure';
<#####
postgresql.conf:
ssl = on
listen_addresses = 'yourserver.domain.com'
wal_level = hot_standby
# 4GB for WAL segments:
wal_keep_segments = 256
max_wal_senders = 2
#####>
Certificates installed
<##### only 1 line:
pg_hba.conf:
hostssl replication ...
#####>
/usr/pgsql-9.3/bin/pg_basebackup -D /tmp/data2 -v -P -Fp -l testsslbackup -x -d "host=yourserver.domain.com port=yourport user=replicator sslmode=verify-full"
<####
recovery.conf:
recovery_target_timeline = 'latest'
standby_mode = 'on'
primary_conninfo = 'host=yourserver.domain.com port=yourport user=replicator sslmode=verify-full'
#####>
Start standby server in data2
On server in data1:
create database test;
\c test
create table test2 (a int, b text);
insert into test2 (select generate_series(0,5000000,1));
update test2 set
b='sljfdlksjaofjsaolfjsdlkofjdolasjfoldsjfoldsjaolfjdloksjfolajsdflkjsdlokfjslojdalkfjoldsjfoslafjolasljfdloas';
tail -f /tmp/data1/pg_log/postgresql-Fri.log
[...]
< 2015-02-13 18:09:55.964 CET >LOG: SSL renegotiation failure
[...]
< 2015-02-13 18:10:11.819 CET >LOG: SSL renegotiation failure
[...]
/usr/pgsql-9.3/bin/pg_basebackup -D /tmp/data3 -v -P -Fp -l testsslbackup2 -x -d "host=yourserver.domain.com port=yourport user=replicator sslmode=verify-full"
tail -f /tmp/data1/pg_log/postgresql-Fri.log
--> nothing!
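
Added example, not part of the original report: a small Python script that pulls "SSL renegotiation failure" entries out of a server log and compares two time windows, one while the standby is streaming and one while pg_basebackup runs. It assumes the log line prefix shown in the excerpts above; the checkpoint lines, the window boundaries and all function names are constructed for illustration, and the time zone token is ignored.

```python
import re
from datetime import datetime

# Prefix as quoted in the report: "< 2015-02-13 18:09:55.964 CET >LOG: message"
LINE_RE = re.compile(
    r"^<\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S+\s*>(\w+):\s*(.*)$"
)
MESSAGE = "SSL renegotiation failure"

# Constructed sample: the two failure lines match the report, the rest is filler.
SAMPLE_LOG = """\
< 2015-02-13 18:09:40.120 CET >LOG: checkpoint starting: xlog
< 2015-02-13 18:09:55.964 CET >LOG: SSL renegotiation failure
< 2015-02-13 18:10:02.301 CET >LOG: checkpoint starting: xlog
< 2015-02-13 18:10:11.819 CET >LOG: SSL renegotiation failure
< 2015-02-13 18:25:07.555 CET >LOG: checkpoint starting: xlog
""".splitlines()


def parse_ts(text):
    """Parse the millisecond timestamp; the zone abbreviation is dropped."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")


def renegotiation_failures(lines, start=None, end=None):
    """Return timestamps of renegotiation failures inside [start, end]."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "LOG" or m.group(3) != MESSAGE:
            continue
        ts = parse_ts(m.group(1))
        if (start is None or ts >= start) and (end is None or ts <= end):
            hits.append(ts)
    return hits


def gaps_seconds(timestamps):
    """Seconds between consecutive failures, useful for spotting a rhythm."""
    return [round((b - a).total_seconds(), 3)
            for a, b in zip(timestamps, timestamps[1:])]


if __name__ == "__main__":
    # Constructed windows: streaming replication, then the second pg_basebackup.
    streaming = (parse_ts("2015-02-13 18:09:00.000"), parse_ts("2015-02-13 18:15:00.000"))
    basebackup = (parse_ts("2015-02-13 18:20:00.000"), parse_ts("2015-02-13 18:30:00.000"))
    for name, (lo, hi) in (("streaming", streaming), ("pg_basebackup", basebackup)):
        found = renegotiation_failures(SAMPLE_LOG, lo, hi)
        print(name, len(found), "failures, gaps:", gaps_seconds(found))
```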