Re: Update minimum SSL version
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Magnus Hagander <magnus@hagander.net>,
Michael Paquier <michael@paquier.xyz>,
Robert Haas <robertmhaas@gmail.com>,
Daniel Gustafsson <daniel@yesql.se>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-04T12:53:21Z
Lists: pgsql-hackers
Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes: > On 2019-12-03 12:44, Magnus Hagander wrote: >> On Tue, Dec 3, 2019 at 12:09 PM Michael Paquier <michael@paquier.xyz >> <mailto:michael@paquier.xyz>> wrote: >> On Tue, Dec 03, 2019 at 10:10:57AM +0100, Magnus Hagander wrote: >>> Is 1.0.1 considered a separate major from 1.0.0, in this reasoning? Because >>> while retiring 1.0.0 should probably not be that terrible, 1.0.1 >>> is still in very widespread use on most long term supported distributions. > This would mean we'd stop support for RHEL 5, which is probably OK, > seeing that even the super-extended support ends in November 2020. > Dropping RHEL 5 would also allow us to drop support for Python 2.4, > which is something I've been itching to do. ;-) > In both of these cases, maintaining support for all these ancient > versions is a significant burden IMO, so it would be good to clean up > the tail end a bit. So, what exactly are we going to set as the new minimum version in each case? I'll have to go update my trailing-edge-Johnnie buildfarm critters, and it'd make sense to have them continue to test the oldest nominally-supported versions. For OpenSSL it seems like 1.0.1a is the target, per the above discussion. For Python, I'll just observe that RHEL6 ships 2.6.6, so we can't bump up to 2.7. regards, tom lane
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed