On Mon, Dec 2, 2019 at 11:39 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> That's an excellent point, but it looks like we're pretty good
> already. I tried the patch with openssl 0.9.8x, and got this
> failure at server start:
>
> FATAL: ssl_min_protocol_version setting TLSv1.2 not supported by this build
Oh, that's pretty good.
> Maybe it'd be worth extending that to show the max supported
> version, with some rats-nest of #ifdefs, but I'm not sure if
> it's worth the trouble.
Especially if we mess up the #ifdefs. :-)
I don't have super-strong feelings that we have to try to do that. It
would be worth doing if it were easy, I think, but if our hypothesis
that this will affect relatively few people is correct, it may not
matter very much.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
