diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/config.sgml | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 0864465f32a..f4c219373c9 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.220.2.1 2009/08/24 20:08:40 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.220.2.2 2010/02/25 13:26:26 mha Exp $ --> <chapter Id="runtime-config"> <title>Server Configuration</title> @@ -580,6 +580,32 @@ SET ENABLE_SEQSCAN TO OFF; </listitem> </varlistentry> + <varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit"> + <term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term> + <indexterm> + <primary><varname>ssl_renegotiation_limit</> configuration parameter</primary> + </indexterm> + <listitem> + <para> + Specifies how much data can flow over an <acronym>SSL</> encrypted connection + before renegotiation of the session will take place. Renegotiation of the + session decreases the chance of doing cryptanalysis when large amounts of data + are sent, but it also carries a large performance penalty. The sum of + sent and received traffic is used to check the limit. If the parameter is + set to 0, renegotiation is disabled. The default is <literal>512MB</>. + </para> + <note> + <para> + SSL libraries from before November 2009 are insecure when using SSL + renegotiation, due to a vulnerability in the SSL protocol. As a stop-gap fix + for this vulnerability, some vendors also shipped SSL libraries incapable + of doing renegotiation. If any of these libraries are in use on the client + or server, SSL renegotiation should be disabled. + </para> + </note> + </listitem> + </varlistentry> + <varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers"> <term><varname>ssl_ciphers</varname> (<type>string</type>)</term> <indexterm> |