| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Update minimum SSL version |
| Date: | 2019-12-03 03:53:23 |
| Message-ID: | 20191203035323.GB1634@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Dec 02, 2019 at 12:51:26PM -0500, Tom Lane wrote:
> Yah. Although, looking at the code in be-secure-openssl.c,
> it doesn't look that hard to do in an extensible way.
> Something like (untested)
While we are on the topic... Here is another wild idea. We discussed
not so long ago about removing support for OpenSSL 0.9.8 from the
tree. What if we removed support for 1.0.0 and 0.9.8 for 13~. This
would solve a couple of compatibility headaches, and we have TLSv1.2
support automatically for all the versions supported. Note that 1.0.0
has been retired by upstream in February 2014.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2019-12-03 04:03:01 | Re: Failure in TAP tests of pg_ctl on Windows with parallel instance set |
| Previous Message | Michael Paquier | 2019-12-03 03:47:13 | Re: Update minimum SSL version |