Re: Update minimum SSL version

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Michael Paquier <michael@paquier.xyz>, Magnus Hagander <magnus@hagander.net>, Daniel Gustafsson <daniel@yesql.se>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-02T16:39:28Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> ... However, it would be worth putting in some
> effort to make sure that we give a good error message if this happens.

That's an excellent point, but it looks like we're pretty good
already.  I tried the patch with openssl 0.9.8x, and got this
failure at server start:

FATAL:  ssl_min_protocol_version setting TLSv1.2 not supported by this build

Maybe it'd be worth extending that to show the max supported
version, with some rats-nest of #ifdefs, but I'm not sure if
it's worth the trouble.

			regards, tom lane



Commits

  1. Fix handling of OpenSSL's SSL_clear_options

  2. Remove configure check for OpenSSL's SSL_get_current_compression()

  3. Update minimum SSL version