Re: Update minimum SSL version

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-11-29T10:10:32Z
Lists: pgsql-hackers
> On 29 Nov 2019, at 08:36, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
> 
> I propose to change the default of ssl_min_protocol_version to TLSv1.2 (from TLSv1, which means 1.0).  Older versions would still be supported, just not by default.

+1 for having a sane default with a way to fall back to older versions in case
they are required.

cheers ./daniel


Commits

  1. Fix handling of OpenSSL's SSL_clear_options

  2. Remove configure check for OpenSSL's SSL_get_current_compression()

  3. Update minimum SSL version