Re: tls 1.3: sending multiple tickets
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Marina Polyakova <m.polyakova@postgrespro.ru>,
Heikki Linnakangas <hlinnaka@iki.fi>,
Andres Freund <andres@anarazel.de>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-07-29T09:56:55Z
Lists: pgsql-hackers
Attachments
- openssl_comments.diff (application/octet-stream) patch
> On 26 Jul 2024, at 20:29, Robert Haas <robertmhaas@gmail.com> wrote: > One of my chronic complaints about comments is > that they should say why we're doing things, not what we're doing. Agreed. > I feel like any > place where we are doing X because of some property of a non-PG code > base with which a particular reader might not be familiar, we should > have a comment explaining why we're doing it. And especially if it's > security-relevant. I'm sure there are more interactions with OpenSSL, and TLS in general, which warrants better comments but the attached takes a stab at the two examples in question here to get started (to avoid perfect get in the way of progress). -- Daniel Gustafsson
Commits
-
Fix building with MSVC for TLS session disabling
- e6dd0b8637b3 12.20 landed
- 634710dfb776 13.16 landed
- ddd66a6295c5 14.13 landed
- ce3045e9b0e5 15.8 landed
- 441eba34dfc5 16.4 landed
-
Fix macro placement in pg_config.h.in
- 83b4a6358b0a 16.4 landed
- 1272cfb7277f 17.0 landed
- 161c73462bf2 18.0 landed
- ac77add23b81 12.20 landed
- 970cd5c62b72 15.8 landed
- 51c1b4fd1579 14.13 landed
- 40e8ea9492df 13.16 landed
-
Disable all TLS session tickets
- ecbb1cd9b7ec 14.13 landed
- cc606afce1fb 16.4 landed
- 3df7f44a8c7c 17.0 landed
- 32121c077d69 12.20 landed
- 274bbced8538 18.0 landed
- 1f476bc75376 13.16 landed
- 118ec331bfb7 15.8 landed