| From: | Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: 7.3.1 stamped |
| Date: | 2002-12-18 04:27:13 |
| Message-ID: | 200212180427.WAA27749@norm.cs.wisc.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> I am confused. How can we switch back to SSLv23_method and still be
> compatible with TLSv1_method. Does SSLv23_method support both?
SSLv23 understands SSLv2, SSLv3 and TLSv1. When used in a client it uses
SSLv2 but tells the server it can understand the other ones too. Check
out the SSL_CTX_new manpage for a lot more details.
> The SSL author didn't like SSLv23_method (especially SSLv2) and
> I am not
> confident to question his decision. We will just have to break
> backward
> compatibility with pre-7.3 clients. No one else has mentioned it as a
> problem, and in fact most have probably already upgraded to 7.3, so we
> should be OK.
I agree, TLSv1 is a lot better but there's no point in breaking
backwords compatibility when you don't have to. Also, given my problems
with 7.3's SSL I'd be surprised if a lot of people who use it have made
the switch.
--Nate
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-12-18 04:29:10 | Re: 7.3.1 stamped |
| Previous Message | Bruce Momjian | 2002-12-18 04:22:04 | Re: 7.3.1 stamped |