Re: Cutting support for OpenSSL 1.0.1 and 1.0.2 in 17~?

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Joe Conway <mail@joeconway.com>, Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter@eisentraut.org>, Jacob Champion <jacob.champion@enterprisedb.com>, Thomas Munro <thomas.munro@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, Mikael Kjellström <mikael.kjellstrom@gmail.com>
Date: 2024-08-07T23:59:17Z
Lists: pgsql-hackers
> On Aug 7, 2024, at 22:49, Daniel Gustafsson <daniel@yesql.se> wrote:
> I think it's highly likely that we will see complaints for any support we
> deprecate.  OpenSSL 1.0.2 will however still be supported for another 5 years
> with v17 (which is ~9years past its EOL date) so I don't feel too bad about it.

I’ve cut 1.0.1 at least by myself last year, and definitely not regret it while not hearing complains on the matter. 1.0.2 being a LTS matters more in the likeliness to see complaints, but I think it’s time to just let it go. So let’s do it and move on.

I’d seriously consider 1.1.0 as well for this release cycle as something to drop but I’m ok to keep it as the code gains are not really here. The 1.0.2 cut removes a lot of code and concepts particularly with the libcrypto threading and its locks!
--
Michael




Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Remove obsolete unconstify()

  2. Only perform pg_strong_random init when required

  3. Remove support for OpenSSL older than 1.1.0

  4. Support SSL_R_VERSION_TOO_LOW when using LibreSSL

  5. Support disallowing SSL renegotiation when using LibreSSL

  6. Doc: Use past tense for things which happened in the past

  7. Remove support for OpenSSL 1.0.1

  8. Remove support for OpenSSL 0.9.8 and 1.0.0