| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: should libpq also require TLSv1.2 by default? |
| Date: | 2020-06-26 15:36:42 |
| Message-ID: | 16724.1593185802@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Here is a quick attempt at getting libpq and the server to report
suitable hint messages about SSL version problems.
The main thing I don't like about this as formulated is that I hard-wired
knowledge of the minimum and maximum SSL versions into the hint messages.
That's clearly not very maintainable, but it seems really hard to keep the
messages readable/useful without giving concrete version numbers.
Anybdy have a better idea? Is there a reasonably direct way to ask
OpenSSL what its min and max versions are?
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| ssl-protocol-version-hints-1.patch | text/x-diff | 4.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2020-06-26 16:37:26 | Re: Default setting for enable_hashagg_disk |
| Previous Message | Fabrízio de Royes Mello | 2020-06-26 14:55:26 | Re: pg_dump bug for extension owned tables |