| From: | Dag-Erling Smørgrav <des(at)des(dot)no> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] add ssl_protocols configuration option |
| Date: | 2014-10-23 16:40:50 |
| Message-ID: | 86zjcmzqlp.fsf@nine.des.no |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> OpenSSL just announced a week or two ago that they're abandoning support
> for 0.9.8 by the end of next year[1], which means its replacements have
> been around for a really long time.
RHEL5 still has 0.9.8e with backported patches and will be supported
until 2017-03-31.
FreeBSD 8.4, 9.1, 9.2 and 9.3 all have 0.9.8y with backported patches.
8.4, 9.1 and 9.2 all expire before OpenSSL 0.9.8, but 9.3 will be
supported until 2016-12-31.
0.9.8 and 1.0.1 are not binary compatible, so upgrading is *not* an
option. We (as in FreeBSD) will have to make do - either develop our
own patches or adapt RedHat's.
> OpenSSL 0.9.7 has already not gotten fixes for all the latest flurry of
> security issues, so anyone *is* using SSL but not at least the 0.9.8
> branch, they are in trouble.
The latest 0.9.8 still only has TLS 1.0, unless they're planning to
backport 1.1 and 1.2 (which I seriously doubt).
DES
--
Dag-Erling Smørgrav - des(at)des(dot)no
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Borodin Vladimir | 2014-10-23 17:09:15 | ExclusiveLock on extension of relation with huge shared_buffers |
| Previous Message | Robert Haas | 2014-10-23 16:04:40 | Re: Deferring some AtStart* allocations? |