Re: Retire support for OpenSSL 1.1.1 due to raised API requirements

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-09-09T14:48:30Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
> The patchset in https://commitfest.postgresql.org/49/5025/ which adds support
> for configuring cipher suites in TLS 1.3 handshakes require an API available in
> OpenSSL 1.1.1 and onwards.  With that as motivation I'd like to propose that we
> remove support for OpenSSL 1.1.0 and set the minimum required version to 1.1.1.
> OpenSSL 1.1.0 was EOL in September 2019 and was never an LTS version, so it's
> not packaged in anything anymore AFAICT and should be very rare in production
> use in conjunction with an updated postgres.  1.1.1 LTS will be 2 years EOL by
> the time v18 ships so I doubt this will be all that controversial.

Yeah ... the alternative would be to conditionally compile the new
functionality.  That doesn't seem like a productive use of developer
time if it's supporting just one version that should be extinct in
the wild by now.

			regards, tom lane



Commits

  1. Raise the minimum supported OpenSSL version to 1.1.1

  2. Remove support for OpenSSL older than 1.1.0