diff options
| author | Andres Freund <andres@anarazel.de> | 2015-07-28 21:39:32 +0200 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2015-07-28 22:06:31 +0200 |
| commit | 6087d952b31fce56642e1c63cfed243aeb4d09bd (patch) | |
| tree | 7f6d2a66a4ebfea9d333efaf70bd8f10a52849b5 /doc/src | |
| parent | da7db24cc22e3f0d96cfda134f3ed194279bb513 (diff) | |
Remove ssl renegotiation support.
While postgres' use of SSL renegotiation is a good idea in theory, it
turned out to not work well in practice. The specification and openssl's
implementation of it have lead to several security issues. Postgres' use
of renegotiation also had its share of bugs.
Additionally OpenSSL has a bunch of bugs around renegotiation, reported
and open for years, that regularly lead to connections breaking with
obscure error messages. We tried increasingly complex workarounds to get
around these bugs, but we didn't find anything complete.
Since these connection breakages often lead to hard to debug problems,
e.g. spuriously failing base backups and significant latency spikes when
synchronous replication is used, we have decided to change the default
setting for ssl renegotiation to 0 (disabled) in the released
backbranches and remove it entirely in 9.5 and master.
Author: Andres Freund
Discussion: 20150624144148.GQ4797@alap3.anarazel.de
Backpatch: 9.5 and master, 9.0-9.4 get a different patch
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/config.sgml | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index bbe1eb0d19a..e900dccb11c 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1034,35 +1034,6 @@ include_dir 'conf.d' </listitem> </varlistentry> - <varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit"> - <term><varname>ssl_renegotiation_limit</varname> (<type>integer</type>) - <indexterm> - <primary><varname>ssl_renegotiation_limit</> configuration parameter</primary> - </indexterm> - </term> - <listitem> - <para> - Specifies how much data can flow over an <acronym>SSL</>-encrypted - connection before renegotiation of the session keys will take - place. Renegotiation decreases an attacker's chances of doing - cryptanalysis when large amounts of traffic can be examined, but it - also carries a large performance penalty. The sum of sent and received - traffic is used to check the limit. If this parameter is set to 0, - renegotiation is disabled. The default is <literal>512MB</>. - </para> - <note> - <para> - SSL libraries from before November 2009 are insecure when using SSL - renegotiation, due to a vulnerability in the SSL protocol. As a - stop-gap fix for this vulnerability, some vendors shipped SSL - libraries incapable of doing renegotiation. If any such libraries - are in use on the client or server, SSL renegotiation should be - disabled. - </para> - </note> - </listitem> - </varlistentry> - <varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers"> <term><varname>ssl_ciphers</varname> (<type>string</type>) <indexterm> |