| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Dag-Erling Smørgrav <des(at)des(dot)no> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] add ssl_protocols configuration option |
| Date: | 2014-10-17 16:40:21 |
| Message-ID: | 20141017164020.GC7246@eldon.alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dag-Erling Smørgrav wrote:
> Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> > Please note that new features can only be added to the version
> > currently in development, aka 9.5.
>
> I understand this policy. However, this new feature a) has absolutely
> no impact unless the admin makes a conscious decision to use it and b)
> will make life much easier for everyone if a POODLE-like vulnerability
> is discovered in TLS.
I see this as vaguely related to
http://www.postgresql.org/message-id/20131114202733.GB7583@eldon.alvh.no-ip.org
where we want to have SSL behavior configurable in the back branches due
to renegotiation issues: there was talk in that thread about introducing
new GUC variables in back branches to control the behavior. The current
patch really doesn't add much in the way of features (SSLv3 support and
so on already exist in back branches) --- what it does add is a way to
control whether these are used.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G Johnston | 2014-10-17 16:43:38 | Re: Hash index creation warning |
| Previous Message | Bruce Momjian | 2014-10-17 16:22:19 | Hash index creation warning |