| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Back-patch libpq support for TLS versions beyond v1. |
| Date: | 2015-05-22 00:42:16 |
| Message-ID: | E1Yvb2W-0007e2-NY@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Back-patch libpq support for TLS versions beyond v1.
Since 7.3.2, libpq has been coded in such a way that the only SSL protocol
it would allow was TLS v1. That approach is looking increasingly obsolete.
In commit 820f08cabdcbb899 we fixed it to allow TLS >= v1, but did not
back-patch the change at the time, partly out of caution and partly because
the question was confused by a contemporary server-side change to reject
the now-obsolete SSL protocol v3. 9.4 has now been out long enough that
it seems safe to assume the change is OK; hence, back-patch into 9.0-9.3.
(I also chose to back-patch some relevant comments added by commit
326e1d73c476a0b5, but did *not* change the server behavior; hence, pre-9.4
servers will continue to allow SSL v3, even though no remotely modern
client will request it.)
Per gripe from Jan Bilek.
Branch
------
REL9_0_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/4dddf8552801ef013c40b22915928559a6fb22a0
Modified Files
--------------
src/backend/libpq/be-secure.c | 7 +++++++
src/interfaces/libpq/fe-secure.c | 11 ++++++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-05-22 00:48:11 | Re: Re: [COMMITTERS] pgsql: Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. |
| Previous Message | Tom Lane | 2015-05-21 23:47:54 | pgsql: More fixes for lossy-GiST-distance-functions patch. |