Re: [PATCH] add ssl_protocols configuration option
Alvaro Herrera <alvherre@2ndquadrant.com>
From: Alvaro Herrera <alvherre@2ndquadrant.com>
To: Dag-Erling Smørgrav <des@des.no>
Cc: Martijn van Oosterhout <kleptog@svana.org>,
Magnus Hagander <magnus@hagander.net>, Tom Lane <tgl@sss.pgh.pa.us>,
Michael Paquier <michael.paquier@gmail.com>,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2014-10-23T23:55:46Z
Lists: pgsql-hackers
Dag-Erling Smørgrav wrote: > Alvaro Herrera <alvherre@2ndquadrant.com> writes: > > OpenSSL just announced a week or two ago that they're abandoning support > > for 0.9.8 by the end of next year[1], which means its replacements have > > been around for a really long time. > > RHEL5 still has 0.9.8e with backported patches and will be supported > until 2017-03-31. > > FreeBSD 8.4, 9.1, 9.2 and 9.3 all have 0.9.8y with backported patches. > 8.4, 9.1 and 9.2 all expire before OpenSSL 0.9.8, but 9.3 will be > supported until 2016-12-31. > > 0.9.8 and 1.0.1 are not binary compatible, so upgrading is *not* an > option. We (as in FreeBSD) will have to make do - either develop our > own patches or adapt RedHat's. I think you misread me. I was saying to desupport 0.9.7, not 0.9.8. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services