Home > mailing lists

Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1 - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1
Date	June 6, 2018 22:49:25
Msg-id	12768.1528303765@sss.pgh.pa.us Whole thread Raw
In response to	Re: Supporting tls-server-end-point as SCRAM channel binding forOpenSSL 1.0.0 and 1.0.1 (Alvaro Herrera <alvherre@2ndquadrant.com>)
List	pgsql-hackers

Tree view

Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> If SCRAM channel binding is an important aspect to security, and the
> older OpenSSL versions will still be around in servers for some time
> yet, it seems like it behooves us to go the extra mile and provide an
> implementation that works with such existing servers.  Looking at
> yum.postgresql.org, we seem to offer Postgres 11 packages for RHEL 6,
> which appears to have openssl 1.0.0.

Not sure if the difference is relevant here, but an up-to-date RHEL6
installation contains 1.0.1e:

$ rpm -q openssl
openssl-1.0.1e-57.el6.x86_64
openssl-1.0.1e-57.el6.i686

            regards, tom lane

pgsql-hackers by date:

From: Andrew Dunstan
Date: 06 June 2018, 22:40:40
Subject: Re: commitfest 2018-07

From: Tom Lane
Date: 06 June 2018, 23:06:24
Subject: Re: processSQLNamePattern() analog

Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1 - Mailing list pgsql-hackers

Previous

Next