| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | "* Neustradamus *" <neustradamus(at)hotmail(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: RFC 9266: Channel Bindings for TLS 1.3 support |
| Date: | 2022-07-29 17:28:19 |
| Message-ID: | CAAWbhmgN+=v_q-DUZ=0JNbegxCewfn=xTcsT4Xhf2TX6NpSNdg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Thu, Jul 28, 2022 at 10:44 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> tls-unique is not planned, as we have already tls-server-end-point for
> TLS1.2 and Postgres requires a certificate, anyway.
I think we can provide tls-exporter for older TLS versions as well, as
long as SSL_get_extms_support() returns 1 for the connection, per
Section 4.2 [1]. That would let people use a unique binding even if
they can't use TLS 1.3 for whatever reason.
> I should be able to get something sent to the mailing lists for the
> commit fest of September, so as we could have this feature in v16~.
Thanks!
--Jacob
[1] https://datatracker.ietf.org/doc/html/rfc9266#section-4.2
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2022-07-29 22:18:54 | BUG #17562: Strange behavior of to_tsquery() with a - character |
| Previous Message | Tom Lane | 2022-07-29 16:57:49 | Re: BUG #17561: Server crashes on executing row() with very long argument list |