Re: [PATCH] add ssl_protocols configuration option

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Dag-Erling Smørgrav <des(at)des(dot)no>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] add ssl_protocols configuration option
Date: 2014-10-17 16:40:21
Message-ID: 20141017164020.GC7246@eldon.alvh.no-ip.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Dag-Erling Smørgrav wrote:
> Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> > Please note that new features can only be added to the version
> > currently in development, aka 9.5.
>
> I understand this policy. However, this new feature a) has absolutely
> no impact unless the admin makes a conscious decision to use it and b)
> will make life much easier for everyone if a POODLE-like vulnerability
> is discovered in TLS.

I see this as vaguely related to
http://www.postgresql.org/message-id/20131114202733.GB7583@eldon.alvh.no-ip.org
where we want to have SSL behavior configurable in the back branches due
to renegotiation issues: there was talk in that thread about introducing
new GUC variables in back branches to control the behavior. The current
patch really doesn't add much in the way of features (SSLv3 support and
so on already exist in back branches) --- what it does add is a way to
control whether these are used.

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message David G Johnston 2014-10-17 16:43:38 Re: Hash index creation warning
Previous Message Bruce Momjian 2014-10-17 16:22:19 Hash index creation warning