Thread: BUG #13467: Latest Openssl library forces Postgres to Close Connections

BUG #13467: Latest Openssl library forces Postgres to Close Connections

From

bceccarelli@net32.com

Date:

24 June 2015, 14:31:01

The following bug has been logged on the website:

Bug reference:      13467
Logged by:          Brian Ceccarelli
Email address:      bceccarelli@net32.com
PostgreSQL version: 9.4.1
Operating system:   Red Hat Enterprise Linux 7.1
Description:

Red Hat as part of their normal updates, released a new version of openssl
which breaks Postgres communication.

When I load a dump, psql will fail in the middle of loading a 2 GB
database.


Openssl release 1.0.1e 52.el7_1.8 and release 1.0.1e 30.el7_6.11 force
connections to have DH keys longer than 768 bytes.

The older version (1 week old) Openssl release 1.0.1e 52.el7_1.6 and release
1.0.1e 30.el7_6.9 allow 512 byte DH keys. This version works.

I am compiling Postgres from source using with-openssl.  When OpenSSL is
enabled, and even though I am not using a secure connection, I get an error
message "SSL closed connection--can't negotiate."

When I disable SSL in any fashion, Postgres still terminates the connection,
but I do not see an error.   The communication simply stops and the psql
ends.

Here is what Red Hat is up to:

https://access.redhat.com/errata/RHSA-2015:1072

Re: BUG #13467: Latest Openssl library forces Postgres to Close Connections

From

Tom Lane

Date:

24 June 2015, 14:40:08

bceccarelli@net32.com writes:
> Red Hat as part of their normal updates, released a new version of openssl
> which breaks Postgres communication.

https://bugzilla.redhat.com/show_bug.cgi?id=1234487

            regards, tom lane