Quick Links

Re: Retire support for OpenSSL 1.1.1 due to raised API requirements

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: Retire support for OpenSSL 1.1.1 due to raised API requirements
Date:	2024-09-09 22:53:07
Message-ID:	Zt98U8IilHFfwvhR@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Mon, Sep 09, 2024 at 11:29:09PM +0200, Daniel Gustafsson wrote:
> Agreed. OpenSSL 1.1.1 is very different story and I suspect we'll be stuck on
> that level for some time, but 1.1.0 is gone from production use.

The cleanup induced by the removal of 1.1.0 is minimal. I'm on board
about your argument with SSL_CTX_set_ciphersuites() to drop 1.1.0 and
simplify the other feature.

I was wondering about HAVE_SSL_CTX_SET_NUM_TICKETS for a few seconds,
but morepork that relies on LibreSSL 3.3.2 disagrees with me.
--
Michael

In response to

Re: Retire support for OpenSSL 1.1.1 due to raised API requirements at 2024-09-09 21:29:09 from Daniel Gustafsson

Responses

Re: Retire support for OpenSSL 1.1.1 due to raised API requirements at 2024-09-10 08:44:42 from Daniel Gustafsson

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Jelte Fennema-Nio	2024-09-09 22:54:20	Re: Opinion poll: Sending an automated email to a thread when it gets added to the commitfest
Previous Message	Jelte Fennema-Nio	2024-09-09 22:52:36	Re: Opinion poll: Sending an automated email to a thread when it gets added to the commitfest