Magnus Hagander wrote:
>> I have streaming replication configured over SSL, and
>> there seems to be a problem with SSL renegotiation.
[...]
>> After that, streaming replication reconnects and resumes working.
>>
>> Is this an oversight in the replication protocol, or is this
>> working as designed?
> This sounds a lot like the general issue with SSL renegotiation, just
that it tends to show itself
> more often on replication connections since they don't disconnect very
often...
>
> Have you tried disabling SSL renegotiation on the connection
(ssl_renegotation=0)? If that helps, then
> the SSL library on one of the ends still has the problem with
renegotiation...
It can hardly be the CVE-2009-3555 renegotiation problem.
Both machines have OpenSSL 1.0.0, and RFC 5746 was implemented in
0.9.8m.
But I'll try to test if normal connections have the problem too.
Yours,
Laurenz Albe