| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Update minimum SSL version |
| Date: | 2019-11-29 12:40:48 |
| Message-ID: | CABUevEy4meLCVnrTbjU9zoJvRoWUjvmdmUUkaoAqKYkk0MWHYA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Nov 29, 2019 at 11:10 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> > On 29 Nov 2019, at 08:36, Peter Eisentraut <
> peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> >
> > I propose to change the default of ssl_min_protocol_version to TLSv1.2
> (from TLSv1, which means 1.0). Older versions would still be supported,
> just not by default.
>
> +1 for having a sane default with a way to fall back to older versions in
> case
> they are required.
>
+1. As long as we still have support to change it down if needed, it's a
good thing to ship with a proper default.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2019-11-29 12:57:27 | Re: Update minimum SSL version |
| Previous Message | Amit Kapila | 2019-11-29 12:09:58 | Re: Do XID sequences need to be contiguous? |