Home > mailing lists

Re: [COMMITTERS] pgsql: libpq: Support TLS versions beyond TLSv1. - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [COMMITTERS] pgsql: libpq: Support TLS versions beyond TLSv1.
Date	February 1, 2014 00:05:01
Msg-id	21694.1391202290@sss.pgh.pa.us Whole thread Raw
In response to	Re: [COMMITTERS] pgsql: libpq: Support TLS versions beyond TLSv1. (Marko Kreen <markokr@gmail.com>)
List	pgsql-hackers

Tree view

Marko Kreen <markokr@gmail.com> writes:
> On Sat, Jan 25, 2014 at 12:25:30PM -0500, Tom Lane wrote:
>> Alternatively, given that TLS has been around for a dozen years and
>> openssl versions that old have not gotten security updates for a long
>> time, why don't we just reject SSLv3 on the backend side too?

> Attached patch disables SSLv3 in backend.
> TLS is supported in OpenSSL since fork from SSLeay, in Java since 1.4.2,
> in Windows since XP.  It's hard to imagine this causing any
> compatibility problems.

I didn't hear anyone objecting to this idea, so I'll go ahead and commit
this in HEAD.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 01 February 2014, 00:00:38
Subject: Re: Add min and max execute statement time in pg_stat_statement

From: Bruce Momjian
Date: 01 February 2014, 00:06:55
Subject: Re: Misplaced BKI entries in pg_amproc.h

Re: [COMMITTERS] pgsql: libpq: Support TLS versions beyond TLSv1. - Mailing list pgsql-hackers

Previous

Next