Error in PostgreSQL log
am 28.04.2010 22:37:06 von Lance
This is a multi-part message in MIME format.
------_=_NextPart_001_01CAE712.90F6949C
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
PostgreSQL: 8.4.3
I found the following in my error log:
=20
LOG: SSL error: unsafe legacy renegotiation disabled
=20
Anyone have a clue what this means?
=20
Thanks,
=20
Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382
=20
------_=_NextPart_001_01CAE712.90F6949C
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
charset=3Dus-ascii">
PostgreSQL: 8.4.3
I found the following in my error =
log:
LOG: SSL error: unsafe legacy renegotiation =
disabled
Anyone have a clue what this means?
Thanks,
Lance Campbell
Software Architect/DBA/Project =
Manager
Web Services at Public Affairs
217-333-0382
------_=_NextPart_001_01CAE712.90F6949C--
Re: Error in PostgreSQL log
am 28.04.2010 22:47:04 von Tom Lane
"Campbell, Lance" writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG: SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?
It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit = 0
to suppress the warning messages.
regards, tom lane
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: Error in PostgreSQL log
am 29.04.2010 15:57:51 von Lance
Tom,
Thanks. Do I add the following to the postgresql.conf file?
ssl_renegotiation_limit =3D 0
Thanks,
Lance Campbell
Software Architect/DBA/Project Manager
Web Services at Public Affairs
217-333-0382
-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]=20
Sent: Wednesday, April 28, 2010 3:47 PM
To: Campbell, Lance
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Error in PostgreSQL log=20
"Campbell, Lance" writes:
> PostgreSQL: 8.4.3
> I found the following in my error log:
> LOG: SSL error: unsafe legacy renegotiation disabled
> Anyone have a clue what this means?
It means your SSL library is maintained by someone with a clue ;-).
It's dealing with CVE-2009-3555 without simply breaking things.
However, you might want to update the SSL library at the other end,
or if you can't do that you might want to set ssl_renegotiation_limit =3D
0
to suppress the warning messages.
regards, tom lane
--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: Error in PostgreSQL log
am 29.04.2010 16:06:31 von Tom Lane
"Campbell, Lance" writes:
> Thanks. Do I add the following to the postgresql.conf file?
> ssl_renegotiation_limit = 0
Right. The variable won't be listed in your existing file, likely,
because that option is new as of last month's updates.
regards, tom lane
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin