Re: PostgreSQL and OpenSSL 4.0.0

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL-development <pgsql-hackers@lists.postgresql.org>
Date: 2026-05-08T07:17:32Z
Lists: pgsql-hackers
On Fri, May 08, 2026 at 09:07:41AM +0200, Daniel Gustafsson wrote:
> Not sure I follow, anyone still building with a X years out of support OpenSSL
> will most likely keep doing so regardless of what CVE's are published.  It
> could of course make backpatching trickier if thats what you mean?

Argh.  I've misread you here, reading a "lowest" rather than
"highest".   Documenting that 3.6 is the highest version support on 
14-stable would also work here.  My apologies for the confusion.

If the patches for REL_14_STABLE to add support for 4.0 prove to be
low-risk while messing with 1.0.1, that would the best course of
action, of course.
--
Michael