[Bug 1018307] Re: SSL renegotiation fails

Nelson Hernandez nelsonh at gmail.com
Fri Mar 14 22:48:07 UTC 2014 

I am also seeing this as of 2014-03-14
Setting 'ssl_renegotiation_limit=0' in postgresql.conf did not work for me.
Are their any other known workarounds (aside from downgrading Ubuntu and other packages as noted below)?

does not work on:
PostgreSQL 9.3.2 on x86_64-unknown-linux-gnu, compiled by gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3, 64-bit
OpenSSL 1.0.1-4ubuntu5.11
libpq-dev 9.1.12-0ubuntu0.12.04
Ubuntu 12.04.4 LTS

ssl works when using the same database and connecting from a client with
OpenSSL 1.0.1-4ubuntu5.10
libpq-dev 9.1.10-0ubuntu12.04
Ubuntu 12.04.3 LTS

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1018307

Title:
  SSL renegotiation fails

Status in “openssl” package in Ubuntu:
  Confirmed
Status in “postgresql-9.1” package in Ubuntu:
  Confirmed

Bug description:
  With PostgreSQL 9.1, SSL renegotiation is enabled by default. This
  fails under Ubuntu 12.04, most noticeably when using streaming
  replication as the renegotiation limit is hit quickly.

  On the master:

  2012-06-25 16:16:26 PDT LOG:  SSL renegotiation failure
  2012-06-25 16:16:26 PDT LOG:  SSL error: unexpected record
  2012-06-25 16:16:26 PDT LOG:  could not send data to client: Connection reset by peer

  On the hot standby:

  2012-06-25 11:12:11 PDT FATAL:  could not receive data from WAL stream: SSL error: sslv3 alert unexpected message
  2012-06-25 11:12:11 PDT LOG:  record with zero length at 1C5/95D2FE00

  If our SSL libraries do not support SSL renegotiation, the default
  setting is wrong and perhaps warnings emitted if attempts are made to
  enable it.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: postgresql-9.1 9.1.4-0ubuntu12.04
  ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
  Uname: Linux 3.2.0-25-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Wed Jun 27 16:38:33 2012
  ProcEnviron:
   LANGUAGE=en_AU:en
   TERM=xterm
   PATH=(custom, user)
   LANG=en_AU.UTF-8
   SHELL=/bin/bash
  SourcePackage: postgresql-9.1
  UpgradeStatus: Upgraded to precise on 2012-04-27 (60 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1018307/+subscriptions

More information about the foundations-bugs mailing list