Re: [HACKERS] GnuTLS support

On Wed, Jan 17, 2018 at 10:02:35PM -0500, Tom Lane wrote:
> That is a really good point. For precedent, note that darn near nobody
> seems to know whether their psql contains readline or libedit. If we
> force the issue by giving the settings different names, then they'll be
> forced to figure out which SSL implementation they have.
>
> On the other hand, you could argue that there are more user-friendly
> ways to expose that information than demanding that users play twenty
> questions with their config files. I'd at least want us to recognize
> when somebody tries to set "openssl_foo" in a gnutls implementation,
> and respond with "you need to twiddle the gnutls_xxx variables instead"
> rather than just "unrecognized configuration parameter". Maybe that'd
> be good enough, though.

To open another can of worms, are we ever going to rename "ssl"
parameters to "tls" since TLS is the protocol used by all modern secure
communication libraries. SSL was deprecated in 2015:

https://www.globalsign.com/en/blog/ssl-vs-tls-difference/
Both SSL 2.0 and 3.0 have been deprecated by the IETF (in 2011
and 2015, respectively).

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +