Re: Update minimum SSL version

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Magnus Hagander <magnus@hagander.net>, Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, Daniel Gustafsson <daniel@yesql.se>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-04T08:10:04Z
Lists: pgsql-hackers
On 2019-12-03 12:44, Magnus Hagander wrote:
> On Tue, Dec 3, 2019 at 12:09 PM Michael Paquier <michael@paquier.xyz 
> <mailto:michael@paquier.xyz>> wrote:
> 
>     On Tue, Dec 03, 2019 at 10:10:57AM +0100, Magnus Hagander wrote:
>      > Is 1.0.1 considered a separate major from 1.0.0, in this
>     reasoning? Because
>      > while retiring 1.0.0 should probably not be that terrible, 1.0.1
>     is still
>      > in very widespread use on most long term supported distributions.
> 
>     1.0.1 and 1.0.0 are two different major releases in the OpenSSL world,
>     so my suggestion would be to cut support for everything which does not
>     have TLSv1.2, meaning that we keep compatibility with 1.0.1 for
>     a longer period.
> 
> 
> Good, that's what I thought you meant :) And that makes it sound like a 
> working plan to me.

This would mean we'd stop support for RHEL 5, which is probably OK, 
seeing that even the super-extended support ends in November 2020.

Dropping RHEL 5 would also allow us to drop support for Python 2.4, 
which is something I've been itching to do. ;-)

In both of these cases, maintaining support for all these ancient 
versions is a significant burden IMO, so it would be good to clean up 
the tail end a bit.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Commits

  1. Fix handling of OpenSSL's SSL_clear_options

  2. Remove configure check for OpenSSL's SSL_get_current_compression()

  3. Update minimum SSL version