Обсуждение: Error in PostgreSQL log
PostgreSQL: 8.4.3
I found the following in my error log:
LOG: SSL error: unsafe legacy renegotiation disabled
Anyone have a clue what this means?
Thanks,
Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382
"Campbell, Lance" <lance@illinois.edu> writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG: SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?
It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit = 0
to suppress the warning messages.
regards, tom lane
Tom,
Thanks. Do I add the following to the postgresql.conf file?
ssl_renegotiation_limit = 0
Thanks,
Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382
-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Wednesday, April 28, 2010 3:47 PM
To: Campbell, Lance
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Error in PostgreSQL log
"Campbell, Lance" <lance@illinois.edu> writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG: SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?
It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit =
0
to suppress the warning messages.
regards, tom lane
"Campbell, Lance" <lance@illinois.edu> writes:
> Thanks. Do I add the following to the postgresql.conf file?
> ssl_renegotiation_limit = 0
Right. The variable won't be listed in your existing file, likely,
because that option is new as of last month's updates.
regards, tom lane