Re: PostgreSQL12 and older versions of OpenSSL

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Victor Wagner <vitus(at)wagner(dot)pp(dot)ru>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: PostgreSQL12 and older versions of OpenSSL
Date: 2019-09-26 06:03:12
Message-ID: 18143.1569477792@sss.pgh.pa.us
Lists: pgsql-hackers

Michael Paquier <michael(at)paquier(dot)xyz> writes:
> Now that I think about it, another method would be to rely on the fact
> that a given version of OpenSSL does not support TLS 1.1 and 1.2. So
> we could also just add checks based on OPENSSL_VERSION_NUMBER and be
> done with it.

No, that way madness lies. We *know* that there are lots of
vendor-patched versions of OpenSSL out there, so that the nominal
version number isn't really going to tell us what the package can do.

What I'm concerned about at the moment is Peter's comment upthread
that what we seem to be dealing with here is a broken vendor patch,
not any officially-released OpenSSL version at all. Is it our job
to work around that situation, rather than pushing the vendor to
fix their patch?

regards, tom lane
