Re: Retire support for OpenSSL 1.1.1 due to raised API requirements
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-09-09T22:53:07Z
Lists: pgsql-hackers
On Mon, Sep 09, 2024 at 11:29:09PM +0200, Daniel Gustafsson wrote: > Agreed. OpenSSL 1.1.1 is very different story and I suspect we'll be stuck on > that level for some time, but 1.1.0 is gone from production use. The cleanup induced by the removal of 1.1.0 is minimal. I'm on board about your argument with SSL_CTX_set_ciphersuites() to drop 1.1.0 and simplify the other feature. I was wondering about HAVE_SSL_CTX_SET_NUM_TICKETS for a few seconds, but morepork that relies on LibreSSL 3.3.2 disagrees with me. -- Michael
Commits
-
Raise the minimum supported OpenSSL version to 1.1.1
- 6c66b7443ceb 18.0 landed
-
Remove support for OpenSSL older than 1.1.0
- a70e01d4306f 18.0 cited