Home > mailing lists

Re: should libpq also require TLSv1.2 by default? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: should libpq also require TLSv1.2 by default?
Date	June 26, 2020 16:19:43
Msg-id	2339796.1593177583@sss.pgh.pa.us Whole thread Raw
In response to	Re: should libpq also require TLSv1.2 by default? (Daniel Gustafsson <daniel@yesql.se>)
Responses	Re: should libpq also require TLSv1.2 by default? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Daniel Gustafsson <daniel@yesql.se> writes:
>> On 26 Jun 2020, at 00:44, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> BTW, the server-side report of the problem looks like
>> LOG:  could not accept SSL connection: wrong version number

> I can totally see some thinking that it's the psql version at client side which
> is referred to and not the TLS protocol version.  Perhaps we should add a hint
> there as well?

Not sure.  We can't fix it in the case we're mainly concerned about,
namely an out-of-support server version.  At the same time, it's certainly
true that "version number" is way too under-specified in this context.
Maybe improving this against the day that TLSv2 exists would be smart.

            regards, tom lane

pgsql-hackers by date:

From: Robert Haas
Date: 26 June 2020, 15:46:41
Subject: Re: [Patch] ALTER SYSTEM READ ONLY

From: Andrew Dunstan
Date: 26 June 2020, 16:57:04
Subject: pg_dump bug for extension owned tables

Re: should libpq also require TLSv1.2 by default? - Mailing list pgsql-hackers

Previous

Next