Re: Should we back-patch SSL renegotiation fixes?

From Robert Haas
Subject Re: Should we back-patch SSL renegotiation fixes?
Date
Msg-id CA+TgmoZ+BrQm=3XsVsyp5XPfORJdmfbz8we-_MkJLg+XXiJ=NA@mail.gmail.com
In reply to Re: Should we back-patch SSL renegotiation fixes?  (Andres Freund <andres@anarazel.de>)
Responses Re: Should we back-patch SSL renegotiation fixes?
Re: Should we back-patch SSL renegotiation fixes?
List pgsql-hackers
On Fri, Jun 26, 2015 at 9:59 AM, Andres Freund <andres@anarazel.de> wrote:
> Generally I'd agree that that is a bad thing. But there's really not
> much of an observable behaviour change in this case? Except that
> connections using ssl break less often.

Well, SSL renegotiation exists for a reason: to improve security.
It's not awesome that we're being forced to shut off features that are
designed to improve security.  But it seems we have little choice, at
least until we can support some other SSL implementation (and maybe
not even then).

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


