Support disallowing SSL renegotiation when using LibreSSL
Daniel Gustafsson <dgustafsson@postgresql.org>
Support disallowing SSL renegotiation when using LibreSSL LibreSSL doesn't support the SSL_OP_NO_RENEGOTIATION macro which is used by OpenSSL, instead it has invented a similar one for client- side renegotiation: SSL_OP_NO_CLIENT_RENEGOTIATION. This has been supported since LibreSSL 2.5.1 which by now can be considered well below the minimum requirement. Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://postgr.es/m/eac70d46-e61c-4d71-a1e1-78e2bfa19485@eisentraut.org
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/libpq/be-secure-openssl.c | modified | +10 −5 |
Discussion
- Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~? 121 messages · 2023-05-24 → 2024-12-17