Re: Update minimum SSL version
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Magnus Hagander <magnus@hagander.net>,
Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>,
Daniel Gustafsson <daniel@yesql.se>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-04T08:10:04Z
Lists: pgsql-hackers
On 2019-12-03 12:44, Magnus Hagander wrote: > On Tue, Dec 3, 2019 at 12:09 PM Michael Paquier <michael@paquier.xyz > <mailto:michael@paquier.xyz>> wrote: > > On Tue, Dec 03, 2019 at 10:10:57AM +0100, Magnus Hagander wrote: > > Is 1.0.1 considered a separate major from 1.0.0, in this > reasoning? Because > > while retiring 1.0.0 should probably not be that terrible, 1.0.1 > is still > > in very widespread use on most long term supported distributions. > > 1.0.1 and 1.0.0 are two different major releases in the OpenSSL world, > so my suggestion would be to cut support for everything which does not > have TLSv1.2, meaning that we keep compatibility with 1.0.1 for > a longer period. > > > Good, that's what I thought you meant :) And that makes it sound like a > working plan to me. This would mean we'd stop support for RHEL 5, which is probably OK, seeing that even the super-extended support ends in November 2020. Dropping RHEL 5 would also allow us to drop support for Python 2.4, which is something I've been itching to do. ;-) In both of these cases, maintaining support for all these ancient versions is a significant burden IMO, so it would be good to clean up the tail end a bit. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed