Re: Update to reflect that TLS1 and TLSv1.1 are now deprecated

From: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>, Pg Docs <pgsql-docs(at)lists(dot)postgresql(dot)org>
Subject: Re: Update to reflect that TLS1 and TLSv1.1 are now deprecated
Date: 2021-03-24 20:07:04
Message-ID: 142c23c9-38a4-f2a0-7025-82a57172c316@enterprisedb.com
Lists: pgsql-docs

On 24.03.21 10:49, Daniel Gustafsson wrote:
> The recently published RFC 8996 deprecates the use of TLSv1 and TLSv1.1, the
> attached rewords where we say our default of 1.2 is industry best practice with
> a link to the authoritative source.

The "industry best practices" the original text refers to are things
like PCI-DSS and various announcements by browser vendors. Those best
practices have already been around for long before RFC 8996. I think
this patch is mangling the two concepts of what is best practice and
what is officially deprecated, and since when each of them applies.

If we want to throw RFC 8996 into the mix, we could drop the reference
to best practices and just write something like

"The default is TLSv1.2. Note that all older versions are deprecated as
of this writing (see RFC 8996)."

However, now that I read this, it's not clear from this who is doing the
deprecating. Someone could wonder, does this mean PostgreSQL will drop
support for it?

Maybe the old wording is best and more timeless, and if someone wants to
question it they can do their own research.
