Re: Problem with streaming replication over SSL

From Magnus Hagander
Subject Re: Problem with streaming replication over SSL
Date
Msg-id CABUevEyhwUFU2uNJM4YXwii2S97hS9mnUyv1gpNfXEAMB_bEAg@mail.gmail.com
In reply to Problem with streaming replication over SSL  ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
Responses Re: Problem with streaming replication over SSL  ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
List pgsql-general
On Tue, Nov 6, 2012 at 10:47 AM, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
I have streaming replication configured over SSL, and
there seems to be a problem with SSL renegotiation.

This is from the primary's log:

2012-11-06 00:13:10.990 CET,"replication","",5204,"10.153.109.3:49889",509843df.1454,10,"streaming 1E3/76D64000",2012-11-05 23:55:27 CET,4/0,0,LOG,08P01,"SSL renegotiation failure",,,,,,,,,"walreceiver"

2012-11-06 00:13:10.998 CET,"replication","",5204,"10.153.109.3:49889",509843df.1454,11,"streaming 1E3/76D64000",2012-11-05 23:55:27 CET,4/0,0,LOG,08P01,"SSL error: unexpected record",,,,,,,,,"walreceiver"

2012-11-06 00:13:10.998 CET,"replication","",5204,"10.153.109.3:49889",509843df.1454,12,"streaming 1E3/76D64000",2012-11-05 23:55:27 CET,4/0,0,LOG,08006,"could not send data to client: Connection reset by peer",,,,,,,,,"walreceiver"

This is what the standby has to say:

2012-11-06 00:13:11.001 CET,,,26789,,509843df.68a5,2,,2012-11-05 23:55:27 CET,,0,FATAL,XX000,"could not receive data from WAL stream: SSL error: sslv3 alert unexpected message
",,,,,,,,,""

This is PostgreSQL 9.1.3 on RHEL 6, openssl-1.0.0-20.el6.x86_64,
kernel 2.6.32-220.el6.x86_64.


After that, streaming replication reconnects and resumes working.

Is this an oversight in the replication protocol, or is this
working as designed?


This sounds a lot like the general issue with SSL renegotiation, just that it tends to show itself more often on replication connections since they don't disconnect very often...

Have you tried disabling SSL renegotiation on the connection (ssl_renegotation=0)? If that helps, then the SSL library on one of the ends still has the problem with renegotiation...

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
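
The failure sequence in the primary's log above (an SSL renegotiation failure followed by a lost connection in the same session) can be picked out of csvlog output mechanically. The following is an added example, not part of the original message: the function name and column constants are this example's own, the first three sample lines are the ones quoted in the post with the e-mail wrapping undone, and the last sample line is constructed.

```python
import csv
import io

# Field positions in PostgreSQL's csvlog format, matching the 23-column
# lines quoted in the post (log_time ... application_name).
LOG_TIME, SESSION_ID, SQLSTATE, MESSAGE, APP_NAME = 0, 5, 12, 13, 22

# Lines 1-3: primary log from the post. Line 4: constructed, unrelated
# session that loses its connection without any renegotiation failure.
SAMPLE = '''\
2012-11-06 00:13:10.990 CET,"replication","",5204,"10.153.109.3:49889",509843df.1454,10,"streaming 1E3/76D64000",2012-11-05 23:55:27 CET,4/0,0,LOG,08P01,"SSL renegotiation failure",,,,,,,,,"walreceiver"
2012-11-06 00:13:10.998 CET,"replication","",5204,"10.153.109.3:49889",509843df.1454,11,"streaming 1E3/76D64000",2012-11-05 23:55:27 CET,4/0,0,LOG,08P01,"SSL error: unexpected record",,,,,,,,,"walreceiver"
2012-11-06 00:13:10.998 CET,"replication","",5204,"10.153.109.3:49889",509843df.1454,12,"streaming 1E3/76D64000",2012-11-05 23:55:27 CET,4/0,0,LOG,08006,"could not send data to client: Connection reset by peer",,,,,,,,,"walreceiver"
2012-11-06 00:20:00.000 CET,"app","appdb",6001,"192.0.2.5:40000",50984500.1771,3,"idle",2012-11-06 00:00:00 CET,5/0,0,LOG,08006,"could not receive data from client: Connection reset by peer",,,,,,,,,"psql"
'''


def find_renegotiation_drops(csv_text):
    """Return one dict per session in which an SSL renegotiation failure
    (SQLSTATE 08P01) was later followed by a connection failure (08006)."""
    pending = {}  # session_id -> log_time of the renegotiation failure
    drops = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) <= APP_NAME:
            continue  # blank or truncated record, not a full csvlog line
        sid = row[SESSION_ID]
        if row[SQLSTATE] == "08P01" and "SSL renegotiation failure" in row[MESSAGE]:
            pending.setdefault(sid, row[LOG_TIME])
        elif row[SQLSTATE] == "08006" and sid in pending:
            drops.append({
                "session": sid,
                "application": row[APP_NAME],
                "renegotiation_failed_at": pending.pop(sid),
                "connection_lost_at": row[LOG_TIME],
            })
    return drops


if __name__ == "__main__":
    for drop in find_renegotiation_drops(SAMPLE):
        print(drop)
```

Counting these per day, split by application name, shows whether the drops are confined to long-lived replication connections, as the reply suggests they would be.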
