tls: stop sending ssl_renegotiation_limit in startup message

This addresses jackc#321 with the fix @jackc proposed there. Redshift users that need to connect w/ SSL currently fork the library to delete this parameter, e.g. segmentio@8e0028d And, that's annoying to keep up-to-date :)
tejasmanohar · Oct 30, 2018 · ad95b87 · ad95b87
1 parent 381a1e8
commit ad95b87
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 8 deletions.
diff --git a/conn.go b/conn.go
@@ -337,14 +337,6 @@ func (c *Conn) connect(config ConnConfig, network, address string, tlsConfig *tl
 		Parameters:      make(map[string]string),
 	}
 
-	// Default to disabling TLS renegotiation.
-	//
-	// Go does not support (https://github.com/golang/go/issues/5742)
-	// PostgreSQL recommends disabling (http://www.postgresql.org/docs/9.4/static/runtime-config-connection.html#GUC-SSL-RENEGOTIATION-LIMIT)
-	if tlsConfig != nil {
-		startupMsg.Parameters["ssl_renegotiation_limit"] = "0"
-	}
-
 	// Copy default run-time params
 	for k, v := range config.RuntimeParams {
 		startupMsg.Parameters[k] = v

diff --git a/doc.go b/doc.go
@@ -236,6 +236,10 @@ nil, then TLS will be disabled. If it is present, then it will be used to
 configure the TLS connection. This allows total configuration of the TLS
 connection.
 
+pgx doesn't send `ssl_renegotiation: 0` in the Postgres connection startup
+message anymore as of v3.3.0. If you need to set this parameter, do so
+via `ConnConfig.RuntimeParams`. Read more at https://github.com/jackc/pgx/pull/476.
+
 Logging
 
 pgx defines a simple logger interface. Connections optionally accept a logger