On 2020-09-18 16:11, Daniel Gustafsson wrote:
> Since we support ciphers that are now deprecated, we have no other choice than
> to load the legacy provider.
Well, we could just have deprecated ciphers fail, unless the user loads
the legacy provider in the OS configuration. There might be an argument
that that is more proper.
As a more extreme analogy, what if OpenSSL remove a cipher from the
legacy provider? Are we then obliged to reimplement it manually for the
purpose of pgcrypto? Probably not.
The code you wrote to load the necessary providers is small enough that
I think it's fine, but it's worth pondering this question briefly.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
