| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Retire support for OpenSSL 1.1.1 due to raised API requirements |
| Date: | 2024-09-09 12:22:19 |
| Message-ID: | 909A668B-06AD-47D1-B8EB-A164211AAD16@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Commit a70e01d430 removed support for OpenSSL 1.0.2 in order to simplify the
code by removing the need for finicky initialization of the library. Based on
our API usage the new minimum version was defined as 1.1.0.
The patchset in https://commitfest.postgresql.org/49/5025/ which adds support
for configuring cipher suites in TLS 1.3 handshakes require an API available in
OpenSSL 1.1.1 and onwards. With that as motivation I'd like to propose that we
remove support for OpenSSL 1.1.0 and set the minimum required version to 1.1.1.
OpenSSL 1.1.0 was EOL in September 2019 and was never an LTS version, so it's
not packaged in anything anymore AFAICT and should be very rare in production
use in conjunction with an updated postgres. 1.1.1 LTS will be 2 years EOL by
the time v18 ships so I doubt this will be all that controversial.
The attached is the 0001 from the above mentioned patchset for illustration.
The removal should happen when pushing the rest of the patchset.
Does anyone see any reason not to go to 1.1.1 as the minimum?
--
Daniel Gustafsson
| Attachment | Content-Type | Size |
|---|---|---|
| v5-0001-Raise-the-minimum-supported-OpenSSL-version-to-1..patch | application/octet-stream | 7.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hunaid Sohail | 2024-09-09 12:45:17 | Re: [PATCH] Add roman support for to_number function |
| Previous Message | Daniel Gustafsson | 2024-09-09 12:00:17 | Re: Add support to TLS 1.3 cipher suites and curves lists |