Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: OpenSSL key renegotiation with patched openssl
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: Magnus Hagander <magnus(at)hagander(dot)net>
- Cc: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Dave Cramer <davecramer(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
- Subject: Re: OpenSSL key renegotiation with patched openssl
- Date: Mon, 30 Nov 2009 16:43:21 -0500
- Message-id: <12085.1259617401@sss.pgh.pa.us> <text/plain>
Magnus Hagander <magnus(at)hagander(dot)net> writes: > I haven't looked into the details but - is there a point for us to > remove the requests for renegotiation completely? The periodic renegotiations are a recommended security measure. Fixing one hole by introducing a different attack vector doesn't seem to me to be an improvement. Also, when would we undo it? At least with the current situation, there is an incentive for people to get a corrected version of openssl as soon as possible (not "patched", since what this patch does is break essential functionality; but actually fixed). regards, tom lane
- References:
- OpenSSL key renegotiation with patched openssl
- From: Dave Cramer
- Re: OpenSSL key renegotiation with patched openssl
- From: Tom Lane
- Re: OpenSSL key renegotiation with patched openssl
- From: Dave Cramer
- Re: OpenSSL key renegotiation with patched openssl
- From: Tom Lane
- Re: OpenSSL key renegotiation with patched openssl
- From: Stefan Kaltenbrunner
- Re: OpenSSL key renegotiation with patched openssl
- From: Tom Lane
- Re: OpenSSL key renegotiation with patched openssl
- From: Magnus Hagander
- OpenSSL key renegotiation with patched openssl
- Prev by Date: Re: Application name patch - v4
- Next by Date: Re: New VACUUM FULL
- Previous by thread: Re: OpenSSL key renegotiation with patched openssl
- Next by thread: Re: OpenSSL key renegotiation with patched openssl
- Indexes: