Re: Retire support for OpenSSL 1.1.1 due to raised API requirements
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-09-09T14:48:30Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes: > The patchset in https://commitfest.postgresql.org/49/5025/ which adds support > for configuring cipher suites in TLS 1.3 handshakes require an API available in > OpenSSL 1.1.1 and onwards. With that as motivation I'd like to propose that we > remove support for OpenSSL 1.1.0 and set the minimum required version to 1.1.1. > OpenSSL 1.1.0 was EOL in September 2019 and was never an LTS version, so it's > not packaged in anything anymore AFAICT and should be very rare in production > use in conjunction with an updated postgres. 1.1.1 LTS will be 2 years EOL by > the time v18 ships so I doubt this will be all that controversial. Yeah ... the alternative would be to conditionally compile the new functionality. That doesn't seem like a productive use of developer time if it's supporting just one version that should be extinct in the wild by now. regards, tom lane
Commits
-
Raise the minimum supported OpenSSL version to 1.1.1
- 6c66b7443ceb 18.0 landed
-
Remove support for OpenSSL older than 1.1.0
- a70e01d4306f 18.0 cited