Re: Update minimum SSL version

Magnus Hagander <magnus@hagander.net>

From: Magnus Hagander <magnus@hagander.net>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-11-29T12:40:48Z
Lists: pgsql-hackers
On Fri, Nov 29, 2019 at 11:10 AM Daniel Gustafsson <daniel@yesql.se> wrote:

> > On 29 Nov 2019, at 08:36, Peter Eisentraut <
> peter.eisentraut@2ndquadrant.com> wrote:
> >
> > I propose to change the default of ssl_min_protocol_version to TLSv1.2
> (from TLSv1, which means 1.0).  Older versions would still be supported,
> just not by default.
>
> +1 for having a sane default with a way to fall back to older versions in
> case
> they are required.
>

+1. As long as we still have support to change it down if needed, it's a
good thing to ship with a proper default.

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>

Commits

  1. Fix handling of OpenSSL's SSL_clear_options

  2. Remove configure check for OpenSSL's SSL_get_current_compression()

  3. Update minimum SSL version