Re: Support tls-exporter as channel binding for TLSv1.3

From: Jacob Champion <jchampion(at)timescale(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Support tls-exporter as channel binding for TLSv1.3
Date: 2022-10-13 17:30:37
Message-ID: CAAWbhmiOMM4L5n_HTi=_c4Jf2JsBV=XDhYPOfuSpqOyT+7f-Mw@mail.gmail.com
Lists: pgsql-hackers

On Wed, Oct 12, 2022 at 11:01 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> One thing that would reduce the complexity of the equation is
> to drop support for tls-server-end-point in the backend in PG >= 16 as
> the versions of OpenSSL we still support on HEAD would cover
> completely tls-exporter.

Is the intent to backport tls-exporter client support? Or is the
compatibility break otherwise acceptable?

It seemed like there was also some general interest in proxy TLS
termination (see also the PROXY effort, though it has stalled a bit).
For that, I would think tls-server-end-point is an important feature.

--Jacob
