| From: | Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: 7.3.1 stamped |
| Date: | 2002-12-18 04:18:38 |
| Message-ID: | 200212180418.WAA27432@norm.cs.wisc.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> I believe that pre7-3 SSL clients will work in 7.3.1, or am I wrong?
In 7.3 the SSL protocol switched from SSLv2 to TLSv1. If the server
method is switched to SSLv23_method it will be backwords compatable with
pre-7.3 clients without sacrificing the added security of TLSv1 for
newer stuff. There's been a lot of other changes to the SSL code between
7.2 and 7.3, but I've tested this out and haven't found any problems.
I've included a patch to src/backend/libpq/be-secure.c if you're
interested.
--Nate
--- be-secure.c 13 Dec 2002 18:06:44 -0000 1.3
+++ be-secure.c 18 Dec 2002 04:16:19 -0000
@@ -587,7 +587,7 @@
{
SSL_library_init();
SSL_load_error_strings();
- SSL_context = SSL_CTX_new(TLSv1_method());
+ SSL_context = SSL_CTX_new(SSLv23_method());
if (!SSL_context)
{
postmaster_error("failed to create SSL
context: %s",
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-12-18 04:22:04 | Re: 7.3.1 stamped |
| Previous Message | Bruce Momjian | 2002-12-18 03:12:11 | Re: Update on replication |