From e2010c858cb06d70054b1bfde250ab312bbdec27 Mon Sep 17 00:00:00 2001 From: Tejas Manohar Date: Mon, 29 Oct 2018 21:31:58 -0700 Subject: [PATCH] tls: stop sending ssl_renegotiation_limit in startup message This addresses https://github.com/jackc/pgx/issues/321 with the fix @jackc proposed there. Redshift users that need to connect w/ SSL currently fork the library to delete this parameter, e.g. https://github.com/segmentio/pgx/commit/8e0028d742358e966669c28193fa65460a85ea69 And, that's annoying to keep up-to-date :) --- conn.go | 8 -------- doc.go | 7 +++++++ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/conn.go b/conn.go index a8b61547..ffaf1d0a 100644 --- a/conn.go +++ b/conn.go @@ -337,14 +337,6 @@ func (c *Conn) connect(config ConnConfig, network, address string, tlsConfig *tl Parameters: make(map[string]string), } - // Default to disabling TLS renegotiation. - // - // Go does not support (https://github.com/golang/go/issues/5742) - // PostgreSQL recommends disabling (http://www.postgresql.org/docs/9.4/static/runtime-config-connection.html#GUC-SSL-RENEGOTIATION-LIMIT) - if tlsConfig != nil { - startupMsg.Parameters["ssl_renegotiation_limit"] = "0" - } - // Copy default run-time params for k, v := range config.RuntimeParams { startupMsg.Parameters[k] = v diff --git a/doc.go b/doc.go index a4ff00e2..5808c09d 100644 --- a/doc.go +++ b/doc.go 
@@ -236,6 +236,13 @@ nil, then TLS will be disabled. If it is present, then it will be used to configure the TLS connection. This allows total configuration of the TLS connection. +pgx has never explicitly supported Postgres < 9.6's `ssl_renegotiation` option. +As of v3.3.0, it doesn't send `ssl_renegotiation: 0` either to support Redshift +(https://github.com/jackc/pgx/pull/476). If you need TLS Renegotiation, +consider supplying `ConnConfig.TLSConfig` with a non-zero `Renegotiation` +value and if it's not the default on your server, set `ssl_renegotiation` +via `ConnConfig.RuntimeParams`. + Logging pgx defines a simple logger interface. Connections optionally accept a logger
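Review bot: The added doc.go paragraph calls the setting `ssl_renegotiation`, but the parameter this commit removes from the startup message in conn.go is `ssl_renegotiation_limit`, so a reader who copies the documented name into `ConnConfig.RuntimeParams` would send a different key, which the server would presumably reject as unrecognized. I would use the real name in all three places, e.g. `As of v3.3.0, it no longer sends ssl_renegotiation_limit=0 in the startup message, so that Redshift accepts the connection`. The paragraph should also state the operational consequence: Go's `crypto/tls` client refuses renegotiation by default, so against an older server with a non-zero limit a long-lived connection may be dropped once the server asks to renegotiate. The lower-risk way to restore the previous behaviour is `RuntimeParams["ssl_renegotiation_limit"] = "0"` rather than enabling `Renegotiation` on the client. The "Postgres < 9.6" bound is worth confirming against the PostgreSQL release notes, since the setting appears to have been removed in 9.5.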