| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Retire support for OpenSSL 1.1.1 due to raised API requirements |
| Date: | 2024-09-10 08:44:42 |
| Message-ID: | 6C3D2F05-39AD-4B15-BF56-14B5B0749811@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 10 Sep 2024, at 00:53, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Mon, Sep 09, 2024 at 11:29:09PM +0200, Daniel Gustafsson wrote:
>> Agreed. OpenSSL 1.1.1 is very different story and I suspect we'll be stuck on
>> that level for some time, but 1.1.0 is gone from production use.
>
> The cleanup induced by the removal of 1.1.0 is minimal. I'm on board
> about your argument with SSL_CTX_set_ciphersuites() to drop 1.1.0 and
> simplify the other feature.
Yeah, the change to existing code is trivial but avoiding adding a kluge to
handle versions without the relevant API will save complexity. Thanks for
review.
This change will be committed together with the TLSv1.3 cipher suite pathcset,
just wanted to bring it up here and not hide it in another thread.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yugo NAGATA | 2024-09-10 08:45:57 | Re: Add has_large_object_privilege function |
| Previous Message | Peter Smith | 2024-09-10 08:19:37 | Re: Pgoutput not capturing the generated columns |