Andres Freund <andres@anarazel.de> writes:
> Having to backpatch a new parameter to all supported versions seems far
> more invasive than adding a guc that can only be set to one value.
Indeed. It is completely stupid to do this in any other way except
by reinstating ssl_renegotiation_limit as an ordinary GUC variable
whose min and max are both zero.
Quite aside from the implementation effort of inventing some
single-purpose kluge to do it another way, that solution would also
cover the complaints we're doubtless gonna get that "SET
ssl_renegotiation_limit = 0" doesn't work anymore.
regards, tom lane