Re: Update minimum SSL version
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>, Daniel Gustafsson <daniel@yesql.se>,
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-12-03T09:10:57Z
Lists: pgsql-hackers
On Tue, Dec 3, 2019 at 4:53 AM Michael Paquier <michael@paquier.xyz> wrote: > On Mon, Dec 02, 2019 at 12:51:26PM -0500, Tom Lane wrote: > > Yah. Although, looking at the code in be-secure-openssl.c, > > it doesn't look that hard to do in an extensible way. > > Something like (untested) > > While we are on the topic... Here is another wild idea. We discussed > not so long ago about removing support for OpenSSL 0.9.8 from the > tree. What if we removed support for 1.0.0 and 0.9.8 for 13~. This > would solve a couple of compatibility headaches, and we have TLSv1.2 > support automatically for all the versions supported. Note that 1.0.0 > has been retired by upstream in February 2014. > Is 1.0.1 considered a separate major from 1.0.0, in this reasoning? Because while retiring 1.0.0 should probably not be that terrible, 1.0.1 is still in very widespread use on most long term supported distributions. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
Commits
-
Fix handling of OpenSSL's SSL_clear_options
- 7ad544fd8e45 11.7 landed
- 902276ff1309 12.2 landed
- 7d0bcb047717 13.0 landed
-
Remove configure check for OpenSSL's SSL_get_current_compression()
- 28f4bba66b57 13.0 landed
-
Update minimum SSL version
- b1abfec82547 13.0 landed