Disable SSL renegotiation

fixes #103

conn.go

@@ -221,6 +221,14 @@ func (c *Conn) connect(config ConnConfig, network, address string, tlsConfig *tl
 
 	msg := newStartupMessage()
 
+	// Default to disabling TLS renegotiation.
+	//
+	// Go does not support (https://github.com/golang/go/issues/5742)
+	// PostgreSQL recommends disabling (http://www.postgresql.org/docs/9.4/static/runtime-config-connection.html#GUC-SSL-RENEGOTIATION-LIMIT)
+	if tlsConfig != nil {
+		msg.options["ssl_renegotiation_limit"] = "0"
+	}
+
 	// Copy default run-time params
 	for k, v := range config.RuntimeParams {
 		msg.options[k] = v
@@ -230,6 +238,7 @@ func (c *Conn) connect(config ConnConfig, network, address string, tlsConfig *tl
 	if c.config.Database != "" {
 		msg.options["database"] = c.config.Database
 	}
+
 	if err = c.txStartupMessage(msg); err != nil {
 		return err
 	}

stress_test.go

@@ -84,6 +84,47 @@ func TestStressConnPool(t *testing.T) {
 	}
 }
 
+func TestStressTLSConnection(t *testing.T) {
+	t.Parallel()
+
+	if tlsConnConfig == nil {
+		t.Skip("Skipping due to undefined tlsConnConfig")
+	}
+
+	if testing.Short() {
+		t.Skip("Skipping due to testing -short")
+	}
+
+	conn, err := pgx.Connect(*tlsConnConfig)
+	if err != nil {
+		t.Fatalf("Unable to establish connection: %v", err)
+	}
+	defer conn.Close()
+
+	queryCount := 50
+	if testing.Short() {
+		queryCount /= 10
+	}
+
+	for i := 0; i < queryCount; i++ {
+		sql := `select * from generate_series(1, $1)`
+
+		rows, err := conn.Query(sql, 2000000)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		var n int32
+		for rows.Next() {
+			rows.Scan(&n)
+		}
+
+		if rows.Err() != nil {
+			t.Fatalf("queryCount: %d, Row number: %d. %v", i, n, rows.Err())
+		}
+	}
+}
+
 func setupStressDB(t *testing.T, pool *pgx.ConnPool) {
 	_, err := pool.Exec(`
 		drop table if exists widgets;