| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Marko Kreen <markokr(at)gmail(dot)com> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, pgsql-hackers(at)postgresql(dot)org, Wim Lewis <wiml(at)omnigroup(dot)com>, Jeffrey Walton <noloader(at)gmail(dot)com> |
| Subject: | Re: [COMMITTERS] pgsql: libpq: Support TLS versions beyond TLSv1. |
| Date: | 2014-01-31 21:04:50 |
| Message-ID: | 21694.1391202290@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Marko Kreen <markokr(at)gmail(dot)com> writes:
> On Sat, Jan 25, 2014 at 12:25:30PM -0500, Tom Lane wrote:
>> Alternatively, given that TLS has been around for a dozen years and
>> openssl versions that old have not gotten security updates for a long
>> time, why don't we just reject SSLv3 on the backend side too?
> Attached patch disables SSLv3 in backend.
> TLS is supported in OpenSSL since fork from SSLeay, in Java since 1.4.2,
> in Windows since XP. It's hard to imagine this causing any
> compatibility problems.
I didn't hear anyone objecting to this idea, so I'll go ahead and commit
this in HEAD.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2014-01-31 21:37:31 | pgsql: docs: specify FOR UPDATE/SHARE incompatibilities |
| Previous Message | Bruce Momjian | 2014-01-31 21:04:25 | pgsql: system catalogs: reorder pg_amproc entries into proper sections |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2014-01-31 21:06:51 | Re: Misplaced BKI entries in pg_amproc.h |
| Previous Message | Tom Lane | 2014-01-31 21:00:13 | Re: Add min and max execute statement time in pg_stat_statement |