should libpq also require TLSv1.2 by default?

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2020-06-24T06:39:26Z
Lists: pgsql-hackers
In PG13, we raised the server-side default of ssl_min_protocol_version 
to TLSv1.2.  We also added a connection setting named 
ssl_min_protocol_version to libpq.  But AFAICT, the default value of the 
libpq setting is empty, so any protocol version will be accepted.  Is 
this what we wanted?  Should we raise the default in libpq as well?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Commits

  1. Add hints about protocol-version-related SSL connection failures.

  2. Change libpq's default ssl_min_protocol_version to TLSv1.2.