| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ehtesham Pradhan <ehtesham(dot)pradhan(at)lookout(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: TLS 1.0 |
| Date: | 2021-08-06 16:46:02 |
| Message-ID: | 2494047.1628268362@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ehtesham Pradhan <ehtesham(dot)pradhan(at)lookout(dot)com> writes:
> Our client is using Version : PostgreSQL 9.6.17 , they have done vulnerability
> assessment and found that :
> - TLS version 1.0 Protocol detection
> - The remote service encrypt traffic with older version of TLS
This is mostly a matter of whether the OpenSSL libraries being used on
both ends are up-to-date. If you were using PG 12 or later you could
set the server parameter ssl_min_protocol_version to enforce whatever
policy you want about minimum TLS version. But in 9.6.x it's going
to be strictly a matter of what OpenSSL wants to do. Check the
system-wide OpenSSL configuration on each end, and update OpenSSL
if necessary. At least with reasonably modern OpenSSL, you should
be able to enforce a minimum TLS version in OpenSSL's config
(see MinProtocol).
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Crawford | 2021-08-06 16:47:56 | Re: TLS 1.0 |
| Previous Message | Peter Eisentraut | 2021-08-06 15:57:51 | Re: sort order |