Re: PostgreSQL and OpenSSL 4.0.0

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Michael Paquier <michael@paquier.xyz>
Cc: Daniel Gustafsson <daniel@yesql.se>, PostgreSQL-development <pgsql-hackers@lists.postgresql.org>
Date: 2026-05-07T22:22:14Z
Lists: pgsql-hackers
Michael Paquier <michael@paquier.xyz> writes:
> On Thu, May 07, 2026 at 03:44:45PM +0200, Daniel Gustafsson wrote:
>> For 14 through master the attached compiles without warnings and tests green on
>> all the supported versions of OpenSSL and LibreSSL.  That being said, I'm not
>> sure that we want to go all the way to 14 since if something does break, we
>> can't really go around fixing it - I think amending the docs in 14 stating that
>> OpenSSL 3.6 is the highest supported version is a better solution.

> One issue with this approach is that any builds on these branches (say
> REL_14_STABLE + OpenSSL 1.0.1) would be forced to either upgrade
> OpenSSL to at least 3.6 for a minor Postgres update or give up on any
> fix we can put on the 14 stable branch for six more months.  None of
> these solutions are cool.

With one eye on the calendar, I think the right way to proceed is to
push this to all branches (including 14) soon after next week's
releases.  I feel this is too high-risk to shove in just before a
release, but shortly after one is ideal since we'll have 3 months to
find out any problems.

I would support omitting 14 if we were down to just one remaining
release for it, but we'll have 2 (August and November).  So there
will still be an opportunity to fix things if there's an issue
that manages to escape notice until after the August releases.

			regards, tom lane