Home > mailing lists

Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older
Date	October 5, 2015 18:16:15
Msg-id	20151005151605.GC8531@alvherre.pgsql Whole thread Raw
In response to	Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older (Heikki Linnakangas <hlinnaka@iki.fi>)
Responses	Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older (Andres Freund <andres@anarazel.de>)
List	pgsql-hackers

Tree view

Heikki Linnakangas wrote:

> In short, pgcrypto actually used to use the EVP functions, but was changed
> to *not* use them, because in older versions of OpenSSL, some key lengths
> and/or padding options that pgcrypto supports were not supported by the EVP
> API. That was fixed in OpenSSL 0.9.7, however. The consensus in 2007 was
> that we could drop support for OpenSSL 0.9.6 and below, so that should
> definitely be OK by now, if we haven't already done that elsewhere in the
> code.

I think we already effectively dropped support for < 0.9.7 with the
renegotiation fixes; see
https://www.postgresql.org/message-id/20130712203252.GH29206%40eldon.alvh.no-ip.org

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

pgsql-hackers by date:

From: Tom Lane
Date: 05 October 2015, 18:16:07
Subject: Re: Less than ideal error reporting in pg_stat_statements

From: Andrew Dunstan
Date: 05 October 2015, 18:27:56
Subject: Re: Less than ideal error reporting in pg_stat_statements

Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older - Mailing list pgsql-hackers

Previous

Next