Re: Update minimum SSL version

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Michael Paquier <michael@paquier.xyz>
Cc: Magnus Hagander <magnus@hagander.net>, Daniel Gustafsson <daniel@yesql.se>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-02T10:39:48Z
Lists: pgsql-hackers
On 2019-11-29 16:30, Tom Lane wrote:
> Michael Paquier <michael@paquier.xyz> writes:
>> On Fri, Nov 29, 2019 at 01:40:48PM +0100, Magnus Hagander wrote:
>>> +1. As long as we still have support to change it down if needed, it's a
>>> good thing to ship with a proper default.
> 
>> +1.
> 
> What's the impact going to be on buildfarm members with older openssl
> installations?  Perhaps "none", if they aren't running the ssl test
> suite, but we should be clear about it.

If they aren't running the ssl tests, then none.

We could add an override of ssl_min_protocol_version in 
src/test/ssl/t/SSLServer.pm so that the tests still work with very old 
OpenSSL versions by default.  That might be a good idea.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Commits

  1. Fix handling of OpenSSL's SSL_clear_options

  2. Remove configure check for OpenSSL's SSL_get_current_compression()

  3. Update minimum SSL version