Re: 7.3.1 stamped

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: 7.3.1 stamped
Date: 2002-12-18 04:29:10
Message-ID: 200212180429.gBI4TAM08655@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Nathan Mueller wrote:
> > I am confused. How can we switch back to SSLv23_method and still be
> > compatible with TLSv1_method. Does SSLv23_method support both?
>
> SSLv23 understands SSLv2, SSLv3 and TLSv1. When used in a client it uses
> SSLv2 but tells the server it can understand the other ones too. Check
> out the SSL_CTX_new manpage for a lot more details.
>
> > The SSL author didn't like SSLv23_method (especially SSLv2) and
> > I am not
> > confident to question his decision. We will just have to break
> > backward
> > compatibility with pre-7.3 clients. No one else has mentioned it as a
> > problem, and in fact most have probably already upgraded to 7.3, so we
> > should be OK.
>
> I agree, TLSv1 is a lot better but there's no point in breaking
> backwords compatibility when you don't have to. Also, given my problems
> with 7.3's SSL I'd be surprised if a lot of people who use it have made
> the switch.

Well, we break backward compatibility so people can't use SSL2 to
connect to the server. Backward compatibility to a broken protocol
isn't what I would call secure. Is that accurate?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Nathan Mueller 2002-12-18 04:48:40 Re: 7.3.1 stamped
Previous Message Nathan Mueller 2002-12-18 04:27:13 Re: 7.3.1 stamped