Retire support for OpenSSL 1.1.1 due to raised API requirements

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Retire support for OpenSSL 1.1.1 due to raised API requirements
Date: 2024-09-09 12:22:19
Message-ID: 909A668B-06AD-47D1-B8EB-A164211AAD16@yesql.se
Lists: pgsql-hackers

Commit a70e01d430 removed support for OpenSSL 1.0.2 in order to simplify the
code by removing the need for finicky initialization of the library. Based on
our API usage the new minimum version was defined as 1.1.0.

The patchset in https://commitfest.postgresql.org/49/5025/ which adds support
for configuring cipher suites in TLS 1.3 handshakes requires an API available in
OpenSSL 1.1.1 and onwards. With that as motivation I'd like to propose that we
remove support for OpenSSL 1.1.0 and set the minimum required version to 1.1.1.
OpenSSL 1.1.0 was EOL in September 2019 and was never an LTS version, so it's
not packaged in anything anymore AFAICT and should be very rare in production
use in conjunction with an updated postgres. 1.1.1 LTS will be 2 years EOL by
the time v18 ships so I doubt this will be all that controversial.

The attached is the 0001 from the above-mentioned patchset for illustration.
The removal should happen when pushing the rest of the patchset.

Does anyone see any reason not to go to 1.1.1 as the minimum?

--
Daniel Gustafsson

Attachment Content-Type Size
v5-0001-Raise-the-minimum-supported-OpenSSL-version-to-1..patch application/octet-stream 7.2 KB
