rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend
History
Andres Freund 426746b930 Remove ssl renegotiation support. 
While postgres' use of SSL renegotiation is a good idea in theory, it
turned out to not work well in practice. The specification and openssl's
implementation of it have lead to several security issues. Postgres' use
of renegotiation also had its share of bugs.

Additionally OpenSSL has a bunch of bugs around renegotiation, reported
and open for years, that regularly lead to connections breaking with
obscure error messages. We tried increasingly complex workarounds to get
around these bugs, but we didn't find anything complete.

Since these connection breakages often lead to hard to debug problems,
e.g. spuriously failing base backups and significant latency spikes when
synchronous replication is used, we have decided to change the default
setting for ssl renegotiation to 0 (disabled) in the released
backbranches and remove it entirely in 9.5 and master.

Author: Andres Freund
Discussion: 20150624144148.GQ4797@alap3.anarazel.de
Backpatch: 9.5 and master, 9.0-9.4 get a different patch
 		2015-07-28 22:06:31 +02:00
..
access Another attempt at fixing memory leak in xlogreader. 2015-07-28 09:09:36 +03:00
bootstrap pgindent run for 9.5 2015-05-23 21:35:49 -04:00
catalog Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
commands Improve RLS handling in copy.c 2015-07-27 16:48:26 -04:00
executor Remove false comment about speculative insertion. 2015-07-27 11:46:11 +03:00
foreign Code review for foreign/custom join pushdown patch. 2015-05-10 14:36:36 -04:00
lib Use appendStringInfoString/Char et al where appropriate. 2015-07-02 12:36:03 +03:00
libpq Remove ssl renegotiation support. 2015-07-28 22:06:31 +02:00
main Revoke support for strxfrm() that write past the specified array length. 2015-07-08 20:44:21 -04:00
nodes Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
optimizer Remove an unsafe Assert, and explain join_clause_is_movable_into() better. 2015-07-28 13:20:39 -04:00
parser Fix flattening of nested grouping sets. 2015-07-26 16:50:29 +02:00
po Translation updates 2015-06-28 23:56:55 -04:00
port Make WaitLatchOrSocket's timeout detection more robust. 2015-07-18 11:47:13 -04:00
postmaster Further code review for pg_stat_ssl patch. 2015-07-27 16:29:14 -04:00
regex Replace a bunch more uses of strncpy() with safer coding. 2015-01-24 13:05:42 -05:00
replication Fix logical decoding bug leading to inefficient reopening of files. 2015-07-07 13:12:46 +02:00
rewrite Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
snowball Remove no-longer-required function declarations. 2015-05-24 12:20:23 -04:00
storage Centralize decision-making about where to get a backend's PGPROC. 2015-07-28 14:51:57 -04:00
tcop Add ALTER OPERATOR command, for changing selectivity estimator functions. 2015-07-14 18:17:55 +03:00
tsearch pgindent run for 9.5 2015-05-23 21:35:49 -04:00
utils Remove ssl renegotiation support. 2015-07-28 22:06:31 +02:00
.gitignore Add .gitignore entries for AIX-specific intermediate build artifacts. 2015-07-08 20:44:22 -04:00
Makefile AIX: Link the postgres executable with -Wl,-brtllib. 2015-07-15 21:00:26 -04:00
common.mk Remove maintainer-check target, fold into normal build 2013-10-10 20:11:56 -04:00
nls.mk Translation updates 2015-02-01 23:23:40 -05:00