Re: should libpq also require TLSv1.2 by default? - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: should libpq also require TLSv1.2 by default?
Date
Msg-id 20200625044124.GG130132@paquier.xyz
In response to Re: should libpq also require TLSv1.2 by default?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers

On Wed, Jun 24, 2020 at 10:50:39PM -0400, Tom Lane wrote:
> Can we do something comparable to the backend's HINT protocol, where
> we add on a comment that's only mostly-likely to be right?

OpenSSL publishes its error codes as of openssl/sslerr.h, and it looks
like the two error codes we would need to worry about are
SSL_R_UNSUPPORTED_PROTOCOL and SSL_R_NO_PROTOCOLS_AVAILABLE.  So we
could for example amend open_client_SSL() when negotiating the SSL
connection in libpq with error messages or hints that help better than
the current state of things, but that also means extra maintenance
on our side to make sure that we keep in sync with new error codes
coming from the OpenSSL world.
--
Michael
