Error in PostgreSQL log

Error in PostgreSQL log

am 28.04.2010 22:37:06 von Lance

This is a multi-part message in MIME format.

------_=_NextPart_001_01CAE712.90F6949C
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

PostgreSQL: 8.4.3

I found the following in my error log:

=20

LOG: SSL error: unsafe legacy renegotiation disabled

=20

Anyone have a clue what this means?

=20

Thanks,

=20

Lance Campbell

Software Architect/DBA/Project Manager

Web Services at Public Affairs

217-333-0382

=20


------_=_NextPart_001_01CAE712.90F6949C
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">









PostgreSQL: 8.4.3



I found the following in my error =
log:



 



LOG:  SSL error: unsafe legacy renegotiation =
disabled



 



Anyone have a clue what this means?



 



Thanks,



 



Lance Campbell



Software Architect/DBA/Project =
Manager



Web Services at Public Affairs



217-333-0382



 









------_=_NextPart_001_01CAE712.90F6949C--

Re: Error in PostgreSQL log

am 28.04.2010 22:47:04 von Tom Lane

"Campbell, Lance" writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG: SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?

It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit = 0
to suppress the warning messages.

regards, tom lane

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Error in PostgreSQL log

am 29.04.2010 15:57:51 von Lance

Tom,
Thanks. Do I add the following to the postgresql.conf file?

ssl_renegotiation_limit =3D 0

Thanks,

Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382

-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]=20
Sent: Wednesday, April 28, 2010 3:47 PM
To: Campbell, Lance
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Error in PostgreSQL log=20

"Campbell, Lance" writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG: SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?

It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit =3D
0
to suppress the warning messages.

regards, tom lane

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Error in PostgreSQL log

am 29.04.2010 16:06:31 von Tom Lane

"Campbell, Lance" writes:
> Thanks. Do I add the following to the postgresql.conf file?
> ssl_renegotiation_limit = 0

Right. The variable won't be listed in your existing file, likely,
because that option is new as of last month's updates.

regards, tom lane

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin