Re: Update minimum SSL version
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, Magnus Hagander <magnus@hagander.net>, Daniel Gustafsson <daniel@yesql.se>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-03T03:53:23Z
Lists: pgsql-hackers
On Mon, Dec 02, 2019 at 12:51:26PM -0500, Tom Lane wrote: > Yah. Although, looking at the code in be-secure-openssl.c, > it doesn't look that hard to do in an extensible way. > Something like (untested) While we are on the topic... Here is another wild idea. We discussed not so long ago about removing support for OpenSSL 0.9.8 from the tree. What if we removed support for 1.0.0 and 0.9.8 for 13~. This would solve a couple of compatibility headaches, and we have TLSv1.2 support automatically for all the versions supported. Note that 1.0.0 has been retired by upstream in February 2014. -- Michael
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed