I wrote:
> libpq versions before 9.4 will only accept TLSv1 exactly. In 9.4 it
> should negotiate the highest TLS version supported by both server and
> client.
> I don't recall why we didn't back-patch that change, probably excessive
> concern for backwards compatibility ... but anyway, AFAICS from the git
> logs, it's not in 9.3.x. I think you could get TLS 1.2 from a 9.3 server
> and 9.4 libpq, if that helps.
Looking back at the discussions, it seems the reason we only changed HEAD
is that the change to let libpq negotiate TLS > v1 got conflated with
modifying the server to reject SSL v3. See threads here:
http://www.postgresql.org/message-id/flat/20140110061253.46E0E153E0AE@machamp.omnigroup.com#20140110061253.46E0E153E0AE@machamp.omnigroup.com
http://www.postgresql.org/message-id/flat/E1W6rB1-0000go-Ij@gemulon.postgresql.org
and particularly commits 820f08cabdcbb899 and 326e1d73c476a0b5.
I think this was probably a mistake. I suggest that in the back branches
we should leave the server alone (rejecting SSL v3 might annoy somebody
using old non-libpq clients) but adjust libpq to use SSLv23_method() plus
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3. IOW, back-patch 820f08cabdcbb899,
though perhaps also the comment adjustments in 326e1d73c476a0b5.
This would have the effect of allowing libpq to use TLS-anything, not only
TLSv1 which is what it's been requiring since 7.3.2.
Thoughts?
regards, tom lane
