iff -ur postgresql-7.3.1/src/backend/libpq/be-secure.c postgresql-7.3.1.patched/src/backend/libpq/be-secure.c
--- postgresql-7.3.1/src/backend/libpq/be-secure.c Wed Dec 18 07:20:00 2002
+++ postgresql-7.3.1.patched/src/backend/libpq/be-secure.c Mon Dec 23 00:54:44 2002
@@ -273,12 +273,6 @@
 #ifdef USE_SSL
 if (port->ssl)
 {
- if (port->count > RENEGOTIATION_LIMIT)
- {
- SSL_renegotiate(port->ssl);
- port->count = 0;
- }
-
 n = SSL_read(port->ssl, ptr, len);
 switch (SSL_get_error(port->ssl, n))
 {
@@ -286,6 +280,7 @@
 port->count += n;
 break;
 case SSL_ERROR_WANT_READ:
+ n = secure_read(port, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 if (n == -1)
@@ -325,7 +320,15 @@
 {
 if (port->count > RENEGOTIATION_LIMIT)
 {
- SSL_renegotiate(port->ssl);
+ SSL_set_session_id_context(port->ssl, (void *)&SSL_context, sizeof(SSL_context));
+
+ if (SSL_renegotiate(port->ssl) <= 0)
+ elog(COMMERROR, "SSL renegotiation failure");
+ if (SSL_do_handshake(port->ssl) <= 0)
+ elog(COMMERROR, "SSL renegotiation failure");
+ port->ssl->state=SSL_ST_ACCEPT;
+ if (SSL_do_handshake(port->ssl) <= 0)
+ elog(COMMERROR, "SSL renegotiation failure");
 port->count = 0;
 }
@@ -336,6 +339,7 @@
 port->count += n;
 break;
 case SSL_ERROR_WANT_WRITE:
+ n = secure_read(port, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 if (n == -1)
@@ -635,7 +639,7 @@
 /* set up empheral DH keys */
 SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb);
- SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE);
+ SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2);
 /* accept client certificates, but don't require them. */
 snprintf(fnbuf, sizeof fnbuf, "%s/root.crt", DataDir);
diff -ur postgresql-7.3.1/src/interfaces/libpq/fe-secure.c postgresql-7.3.1.patched/src/interfaces/libpq/fe-secure.c
--- postgresql-7.3.1/src/interfaces/libpq/fe-secure.c Wed Dec 18 07:20:03 2002
+++ postgresql-7.3.1.patched/src/interfaces/libpq/fe-secure.c Mon Dec 23 00:12:01 2002
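Review bot: The added `n = secure_read(port, ptr, len);` in the SSL_ERROR_WANT_READ case re-enters secure_read with no bound, so a descriptor that keeps reporting WANT_READ (a non-blocking socket, or a renegotiation that never completes — the hunk does not show which mode the socket is in) grows the stack by one frame per retry instead of looping; the same re-entry is added in the @@ -336 hunk below and in the @@ -268 and @@ -313 hunks of fe-secure.c. The retry belongs around the SSL_read/SSL_get_error pair in the preceding @@ -273 hunk, as a loop that can be capped if needed, with the WANT_READ case then keeping a plain `break`. secure_read's body starts and ends outside these hunks.
```c
	/* … unchanged: non-SSL path, #ifdef USE_SSL, if (port->ssl) … */
	{
		int		err;

		/* WANT_READ means "call again"; loop here instead of re-entering
		 * secure_read(), which has no recursion bound. */
		do
		{
			n = SSL_read(port->ssl, ptr, len);
			err = SSL_get_error(port->ssl, n);
		} while (err == SSL_ERROR_WANT_READ);
		switch (err)
		{
			/* … unchanged: SSL_ERROR_NONE / SSL_ERROR_SYSCALL / other cases;
			 * the SSL_ERROR_WANT_READ case keeps only its break … */
```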
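Review bot: None of the three `elog(COMMERROR, "SSL renegotiation failure")` calls in the renegotiation block stops the function: COMMERROR only logs, so after a failed SSL_renegotiate or SSL_do_handshake the code still runs the next handshake step, resets `port->count = 0`, and goes on to write under the session it just failed to refresh, and the reset means no further attempt is made until another RENEGOTIATION_LIMIT bytes have passed. Each failure should abandon the write and return the failure value the error switch below uses (the `if (n == -1)` in the SSL_ERROR_SYSCALL case suggests -1; whether errno must also be set, as the fatal SSL-error branch presumably does, needs confirming against the rest of secure_write, whose body lies outside the hunk). `port->ssl->state=SSL_ST_ACCEPT;` writes an OpenSSL-internal field directly and deserves a comment saying why the public calls alone are not enough, hedged to the OpenSSL version this was built against.
```c
		if (port->count > RENEGOTIATION_LIMIT)
		{
			SSL_set_session_id_context(port->ssl, (void *) &SSL_context, sizeof(SSL_context));

			/* SSL_renegotiate() only schedules the handshake and
			 * SSL_do_handshake() performs it; a failure must not be logged
			 * and then skipped over. */
			if (SSL_renegotiate(port->ssl) <= 0 ||
				SSL_do_handshake(port->ssl) <= 0)
			{
				elog(COMMERROR, "SSL renegotiation failure");
				return -1;		/* TODO confirm -1/errno convention with the error switch below */
			}
			/* NOTE(review): forces the server side of the new handshake by
			 * writing an OpenSSL-internal field; confirm it is still needed
			 * and safe for the OpenSSL version in use. */
			port->ssl->state = SSL_ST_ACCEPT;
			if (SSL_do_handshake(port->ssl) <= 0)
			{
				elog(COMMERROR, "SSL renegotiation failure");
				return -1;
			}
			port->count = 0;
		}
		/* … unchanged: SSL_write call and its error switch … */
```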
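Review bot: The retry added to the SSL_ERROR_WANT_WRITE case calls `secure_read(port, ptr, len)`, but this switch sits in the write path (the renegotiation check in the @@ -325 hunk immediately above guards a write, and WANT_WRITE is the write-side retry condition), so a WANT_WRITE turns into a read that overwrites the caller's outgoing data through ptr and reports the bytes read as if they had been written; if ptr is const-qualified in secure_write, it also discards const. The client-side counterpart in the @@ -313 hunk of fe-secure.c retries with pqsecure_write, which is the intended symmetry here: `n = secure_write(port, ptr, len);` (subject to the recursion concern raised on the @@ -286 hunk). secure_write's body continues outside the hunk.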
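Review bot: `SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2` carries no comment explaining the protocol policy, and it is asymmetric with the @@ -712 hunk of fe-secure.c, where the client moves from SSLv23_method() to TLSv1_method(): the server still negotiates SSLv3 with other clients while libpq will only speak TLSv1, and a client patched this way presumably can no longer connect to a server that offers only SSLv3. Both choices look deliberate but should be written down at the call sites, e.g. here `/* refuse SSLv2; SSLv3/TLSv1 remain available for older clients */` and in fe-secure.c `/* TLSv1 only: SSLv2/SSLv3-only servers are no longer accepted */`.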
@@ -268,6 +268,7 @@
 case SSL_ERROR_NONE:
 break;
 case SSL_ERROR_WANT_READ:
+ n = pqsecure_read(conn, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 printfPQExpBuffer(&conn->errorMessage,
@@ -313,6 +314,7 @@
 case SSL_ERROR_NONE:
 break;
 case SSL_ERROR_WANT_WRITE:
+ n = pqsecure_write(conn, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 printfPQExpBuffer(&conn->errorMessage,
@@ -712,7 +714,7 @@
 {
 SSL_library_init();
 SSL_load_error_strings();
- SSL_context = SSL_CTX_new(SSLv23_method());
+ SSL_context = SSL_CTX_new(TLSv1_method());
 if (!SSL_context)
 {
iff -ur postgresql-7.3.1/src/backend/libpq/be-secure.c postgresql-7.3.1.patched/src/backend/libpq/be-secure.c
--- postgresql-7.3.1/src/backend/libpq/be-secure.c Wed Dec 18 07:20:00 2002
+++ postgresql-7.3.1.patched/src/backend/libpq/be-secure.c Mon Dec 23 00:54:44 2002
@@ -273,12 +273,6 @@
 #ifdef USE_SSL
 if (port->ssl)
 {
- if (port->count > RENEGOTIATION_LIMIT)
- {
- SSL_renegotiate(port->ssl);
- port->count = 0;
- }
-
 n = SSL_read(port->ssl, ptr, len);
 switch (SSL_get_error(port->ssl, n))
 {
@@ -286,6 +280,7 @@
 port->count += n;
 break;
 case SSL_ERROR_WANT_READ:
+ n = secure_read(port, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 if (n == -1)
@@ -325,7 +320,15 @@
 {
 if (port->count > RENEGOTIATION_LIMIT)
 {
- SSL_renegotiate(port->ssl);
+ SSL_set_session_id_context(port->ssl, (void *)&SSL_context, sizeof(SSL_context));
+
+ if (SSL_renegotiate(port->ssl) <= 0)
+ elog(COMMERROR, "SSL renegotiation failure");
+ if (SSL_do_handshake(port->ssl) <= 0)
+ elog(COMMERROR, "SSL renegotiation failure");
+ port->ssl->state=SSL_ST_ACCEPT;
+ if (SSL_do_handshake(port->ssl) <= 0)
+ elog(COMMERROR, "SSL renegotiation failure");
 port->count = 0;
 }
@@ -336,6 +339,7 @@
 port->count += n;
 break;
 case SSL_ERROR_WANT_WRITE:
+ n = secure_read(port, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 if (n == -1)
diff -ur postgresql-7.3.1/src/interfaces/libpq/fe-secure.c postgresql-7.3.1.patched/src/interfaces/libpq/fe-secure.c
--- postgresql-7.3.1/src/interfaces/libpq/fe-secure.c Wed Dec 18 07:20:03 2002
+++ postgresql-7.3.1.patched/src/interfaces/libpq/fe-secure.c Mon Dec 23 00:12:01 2002
@@ -268,6 +268,7 @@
 case SSL_ERROR_NONE:
 break;
 case SSL_ERROR_WANT_READ:
+ n = pqsecure_read(conn, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 printfPQExpBuffer(&conn->errorMessage,
@@ -313,6 +314,7 @@
 case SSL_ERROR_NONE:
 break;
 case SSL_ERROR_WANT_WRITE:
+ n = pqsecure_write(conn, ptr, len);
 break;
 case SSL_ERROR_SYSCALL:
 printfPQExpBuffer(&conn->errorMessage,