pgpool-II 4.0.6 Documentation | |||
---|---|---|---|
Prev | Up | Appendix A. Release Notes | Next |
Release Date: 2019-03-29
Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
Allow to set a client cipher list. (Tatsuo Ishii, Yugo Nagata)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Fix unnecessary fsync()
to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync()
was issued to pgpool_status file, which could generate excessive I/O
in certain conditions.
So reduce the chance of issuing fsync()
so that it is issued only when
backend status is changed.
Discussion: [pgpool-general: 6436]
Doc: add more explanation to follow_master_command. (Tatsuo Ishii)
Add description how follow_master_command is executed etc.
Doc: add note to detach_false_primary configuration parameter. (bug 469) (Tatsuo Ishii)
To use this feature, sr_check_user must be super user or in pg_monitor group.