Re: Setting min/max TLS protocol in clientside libpq

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, cary huang <hcary328@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-01-28T10:29:39Z
Lists: pgsql-hackers
> On 28 Jan 2020, at 04:53, Michael Paquier <michael@paquier.xyz> wrote:

> Now, we already mention in the docs which values the min and max
> bounds support, and that the version of OpenSSL used by the backend
> and the frontend are impacted by that depending on what version of
> OpenSSL one or the other link to.  The remaining piece is that the
> client and the server negotiate the protocol they use, which is an
> obvious fact, at least to me..

You don't really qualify as the target audience for basic, yet not always
universally known/understood, sections in the documentation though =) I've
heard enough complaints that it's complicated to set up that I think we need to
make the docs more digestable, but if noone else +1's then lets drop it.

cheers ./daniel


Commits

  1. Rename connection parameters to control min/max SSL protocol version in libpq

  2. Add connection parameters to control SSL protocol min/max in libpq

  3. Move OpenSSL routines for min/max protocol setting to src/common/