diff options
| -rw-r--r-- | src/backend/utils/misc/guc.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 71090f2d4f1..fda0fb94f82 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -437,6 +437,14 @@ int tcp_keepalives_interval; int tcp_keepalives_count; /* + * SSL renegotiation was been removed in PostgreSQL 9.5, but we tolerate it + * being set to zero (meaning never renegotiate) for backward compatibility. + * This avoids breaking compatibility with clients that have never supported + * renegotiation and therefore always try to zero it. + */ +int ssl_renegotiation_limit; + +/* * This really belongs in pg_shmem.c, but is defined here so that it doesn't * need to be duplicated in all the different implementations of pg_shmem.c. */ @@ -2580,6 +2588,17 @@ static struct config_int ConfigureNamesInt[] = }, { + {"ssl_renegotiation_limit", PGC_USERSET, CONN_AUTH_SECURITY, + gettext_noop("SSL regenotiation is no longer supported; this can only be 0"), + NULL, + GUC_NO_SHOW_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE, + }, + &ssl_renegotiation_limit, + 0, 0, 0, + NULL, NULL, NULL + }, + + { {"tcp_keepalives_count", PGC_USERSET, CLIENT_CONN_OTHER, gettext_noop("Maximum number of TCP keepalive retransmits."), gettext_noop("This controls the number of consecutive keepalive retransmits that can be " |