From f8bd81b4cb6970c784e5c8250861df1e09cf323e Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Thu, 25 Feb 2010 13:26:19 +0000 Subject: Add configuration parameter ssl_renegotiation_limit to control how often we do SSL session key renegotiation. Can be set to 0 to disable renegotiation completely, which is required if a broken SSL library is used (broken patches to CVE-2009-3555 a known cause) or when using a client library that can't do renegotiation. --- src/backend/utils/misc/postgresql.conf.sample | 1 + 1 file changed, 1 insertion(+) (limited to 'src/backend/utils/misc/postgresql.conf.sample') diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index c1046fa86ea..115b3765ffd 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -74,6 +74,7 @@ #authentication_timeout = 1min # 1s-600s #ssl = off # (change requires restart) +#ssl_renegotiation_limit = 512MB # amount of data between renegotiations #password_encryption = on #db_user_namespace = off -- cgit v1.2.3