Re: Retire support for OpenSSL 1.1.1 due to raised API requirements

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Retire support for OpenSSL 1.1.1 due to raised API requirements
Date: 2024-09-09 21:29:09
Message-ID: 92AF09AB-A579-470C-A451-C29CF410F8F3@yesql.se
Lists: pgsql-hackers

> On 9 Sep 2024, at 16:48, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> The patchset in https://commitfest.postgresql.org/49/5025/ which adds support
>> for configuring cipher suites in TLS 1.3 handshakes requires an API available in
>> OpenSSL 1.1.1 and onwards. With that as motivation I'd like to propose that we
>> remove support for OpenSSL 1.1.0 and set the minimum required version to 1.1.1.
>> OpenSSL 1.1.0 was EOL in September 2019 and was never an LTS version, so it's
>> not packaged in anything anymore AFAICT and should be very rare in production
>> use in conjunction with an updated postgres. 1.1.1 LTS will be 2 years EOL by
>> the time v18 ships so I doubt this will be all that controversial.
>
> Yeah ... the alternative would be to conditionally compile the new
> functionality. That doesn't seem like a productive use of developer
> time if it's supporting just one version that should be extinct in
> the wild by now.

Agreed. OpenSSL 1.1.1 is a very different story and I suspect we'll be stuck on
that level for some time, but 1.1.0 is gone from production use.

--
Daniel Gustafsson
