[Bug 1018307] Re: SSL renegotiation fails

Martin Pitt martin.pitt at ubuntu.com
Fri Jun 29 14:25:28 UTC 2012 

The 512 MB is an upstream default, the packages don't change it.

(http://www.postgresql.org/docs/9.1/static/runtime-config-
connection.html)

However, it does not seem very bad to set it to 0. I'm mostly wondering
if that is a bug in OpenSSL and that should be supplied dynamically
(pg_ctlctluster could check the OpenSSL version and add that option
unless it's set explicly) or whether it's generally considered better to
have it default to 0?

** Changed in: postgresql-9.1 (Ubuntu)
       Status: New => Incomplete

** Changed in: postgresql-9.1 (Ubuntu)
     Assignee: Canonical Server Team (canonical-server) => Martin Pitt (pitti)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1018307

Title:
  SSL renegotiation fails

Status in “openssl” package in Ubuntu:
  New
Status in “postgresql-9.1” package in Ubuntu:
  Incomplete

Bug description:
  With PostgreSQL 9.1, SSL renegotiation is enabled by default. This
  fails under Ubuntu 12.04, most noticeably when using streaming
  replication as the renegotiation limit is hit quickly.

  On the master:

  2012-06-25 16:16:26 PDT LOG:  SSL renegotiation failure
  2012-06-25 16:16:26 PDT LOG:  SSL error: unexpected record
  2012-06-25 16:16:26 PDT LOG:  could not send data to client: Connection reset by peer

  On the hot standby:

  2012-06-25 11:12:11 PDT FATAL:  could not receive data from WAL stream: SSL error: sslv3 alert unexpected message
  2012-06-25 11:12:11 PDT LOG:  record with zero length at 1C5/95D2FE00

  If our SSL libraries do not support SSL renegotiation, the default
  setting is wrong and perhaps warnings emitted if attempts are made to
  enable it.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: postgresql-9.1 9.1.4-0ubuntu12.04
  ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
  Uname: Linux 3.2.0-25-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Wed Jun 27 16:38:33 2012
  ProcEnviron:
   LANGUAGE=en_AU:en
   TERM=xterm
   PATH=(custom, user)
   LANG=en_AU.UTF-8
   SHELL=/bin/bash
  SourcePackage: postgresql-9.1
  UpgradeStatus: Upgraded to precise on 2012-04-27 (60 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1018307/+subscriptions

More information about the foundations-bugs mailing list