| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jan Bilek <jan(dot)bilek(at)eftlab(dot)co(dot)uk>, Chris Dawes <chris(dot)dawes(at)eftlab(dot)co(dot)uk> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Postgres and TLSv1.2 |
| Date: | 2015-05-22 00:45:27 |
| Message-ID: | 18843.1432255527@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I wrote:
> I think this was probably a mistake. I suggest that in the back branches
> we should leave the server alone (rejecting SSL v3 might annoy somebody
> using old non-libpq clients) but adjust libpq to use SSLv23_method() plus
> SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3. IOW, back-patch 820f08cabdcbb899,
> though perhaps also the comment adjustments in 326e1d73c476a0b5.
> This would have the effect of allowing libpq to use TLS-anything, not only
> TLSv1 which is what it's been requiring since 7.3.2.
This is too late for tomorrow's releases, but it will be in the next minor
releases --- or if you're in a hurry, you could apply that patch locally.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-05-22 00:48:11 | Re: Re: [COMMITTERS] pgsql: Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. |
| Previous Message | Venkata Balaji N | 2015-05-22 00:16:27 | Re: Strange replication problem - segment restored from archive but still requested from master |