Re: Update minimum SSL version
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Magnus Hagander <magnus@hagander.net>,
Michael Paquier <michael@paquier.xyz>,
Robert Haas <robertmhaas@gmail.com>,
Daniel Gustafsson <daniel@yesql.se>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-05T01:50:01Z
Lists: pgsql-hackers
Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes: > On 2019-12-04 13:53, Tom Lane wrote: >> So, what exactly are we going to set as the new minimum version in >> each case? I'll have to go update my trailing-edge-Johnnie buildfarm >> critters, and it'd make sense to have them continue to test the >> oldest nominally-supported versions. >> >> For OpenSSL it seems like 1.0.1a is the target, per the above >> discussion. >> >> For Python, I'll just observe that RHEL6 ships 2.6.6, so we can't >> bump up to 2.7. > Yes, it would be Python 2.6. So the upshot, after a fair amount of hair-pulling, is * Somebody maybe should be testing openssl 1.0.1, but it won't be me, because neither 1.0.1 nor 1.0.1a will even build on non-Intel platforms. After closer study of their release notes, I've settled on 1.0.1e as being the best compromise between being old and not having unreasonable teething pains. (I wonder how coincidental it is that that's also what Red Hat is now shipping in RHEL6.) I've successfully installed 1.0.1e on prairiedog and gaur, so I can flip them to start building HEAD with that whenever we break compatibility with 0.9.8. * Python 2.6.x also suffered from an unreasonable amount of teething pains --- 2.6.2 is the oldest version that seems to know how to build a shared library on Darwin. I've now got a reasonably functional 2.6 on gaur and 2.6.2 on prairiedog, and again will adjust those buildfarm members to use those installations when/if our support for their current versions goes away. regards, tom lane
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed