Re: Supporting Windows SChannel as OpenSSL replacement - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Re: Supporting Windows SChannel as OpenSSL replacement
Date
Msg-id 5395C743.7000809@vmware.com
In response to Re: Supporting Windows SChannel as OpenSSL replacement  (Andres Freund <andres@2ndquadrant.com>)
Responses Re: Supporting Windows SChannel as OpenSSL replacement  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
On 06/09/2014 05:22 PM, Andres Freund wrote:
> Hi,
>
> On 2014-06-09 10:18:40 -0400, Tom Lane wrote:
>> Does SChannel have a better security track record than OpenSSL?  Or is
>> the point here just that we can define it as not our problem when a
>> vulnerability surfaces?
>
> Well, it's patched as part of the OS - so no new PG binaries have to be
> released when it's buggy.

Right. I have no idea what SChannel's track record is, but when there's 
a vulnerability in the native SSL implementation in Windows, you better 
upgrade anyway, regardless of PostgreSQL. So when we rely on that, we 
don't put any extra burden on users. And we won't need to release new 
binaries just to update the DLL included in it.

- Heikki


