Re: settings to control SSL/TLS protocol version - Mailing list pgsql-hackers

From Robert Haas
Subject Re: settings to control SSL/TLS protocol version
Date
Msg-id CA+TgmoZ600q+Q6UEndhPKGTEkf5d1n918OXHSt3qYTXiK-06iA@mail.gmail.com
In response to settings to control SSL/TLS protocol version  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses Re: settings to control SSL/TLS protocol version
Re: settings to control SSL/TLS protocol version
List pgsql-hackers
On Mon, Oct 1, 2018 at 4:21 PM Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> There have been some requests to be able to select the TLS versions
> PostgreSQL is using.  We currently only hardcode that SSLv2 and SSLv3
> are disabled, but there is also some interest now in disabling TLSv1.0
> and TLSv1.1.  Also, I've had some issues in some combinations with the
> new TLSv1.3, so there is perhaps also some use for disabling at the top end.
>
> Attached is a patch that implements this.  For example:
>
>     ssl_min_protocol_version = 'TLSv1'
>     ssl_max_protocol_version = 'any'

+1.  Maybe it would make sense to spell 'any' as the empty string.
Intuitively, it makes more sense to me to think about there being no
maximum than to think about the maximum being anything.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

