Magnus Hagander wrote:
>> I have streaming replication configured over SSL, and
>> there seems to be a problem with SSL renegotiation.
[...]
>> After that, streaming replication reconnects and resumes working.
>>
>> Is this an oversight in the replication protocol, or is this
>> working as designed?
> This sounds a lot like the general issue with SSL renegotiation, just that it tends to show itself
> more often on replication connections since they don't disconnect very often...
>
> Have you tried disabling SSL renegotiation on the connection (ssl_renegotation=0)? If that helps, then
> the SSL library on one of the ends still has the problem with renegotiation...
It can hardly be the CVE-2009-3555 renegotiation problem.
Both machines have OpenSSL 1.0.0, and RFC 5746 was implemented in 0.9.8m.
It certainly *sounds* like that problem though. Maybe RedHat carried along the broken fix? It would surprise me, but given that it's openssl, not hugely much so :)
It would be worth trying with ssl_renegotiation=0 to see if the problem goes away.
But I'll try to test if normal connections have the problem too.
That would be a useful datapoint. All settings around this *should* happen at a lower layer than the difference between a replication connection and a regular one, but it would be good to confirm it.