Re: Update minimum SSL version
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-11-29T12:40:48Z
Lists: pgsql-hackers
On Fri, Nov 29, 2019 at 11:10 AM Daniel Gustafsson <daniel@yesql.se> wrote: > > On 29 Nov 2019, at 08:36, Peter Eisentraut < > peter.eisentraut@2ndquadrant.com> wrote: > > > > I propose to change the default of ssl_min_protocol_version to TLSv1.2 > (from TLSv1, which means 1.0). Older versions would still be supported, > just not by default. > > +1 for having a sane default with a way to fall back to older versions in > case > they are required. > +1. As long as we still have support to change it down if needed, it's a good thing to ship with a proper default. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed