Re: RFC 9266: Channel Bindings for TLS 1.3 support - Mailing list pgsql-bugs

From Jacob Champion
Subject Re: RFC 9266: Channel Bindings for TLS 1.3 support
Date
Msg-id CAAWbhmgN+=v_q-DUZ=0JNbegxCewfn=xTcsT4Xhf2TX6NpSNdg@mail.gmail.com
In response to Re: RFC 9266: Channel Bindings for TLS 1.3 support  (Michael Paquier <michael@paquier.xyz>)
Responses Re: RFC 9266: Channel Bindings for TLS 1.3 support  (Michael Paquier <michael@paquier.xyz>)
List pgsql-bugs
On Thu, Jul 28, 2022 at 10:44 PM Michael Paquier <michael@paquier.xyz> wrote:
> tls-unique is not planned, as we have already tls-server-end-point for
> TLS1.2 and Postgres requires a certificate, anyway.

I think we can provide tls-exporter for older TLS versions as well, as
long as SSL_get_extms_support() returns 1 for the connection, per
Section 4.2 [1]. That would let people use a unique binding even if
they can't use TLS 1.3 for whatever reason.

> I should be able to get something sent to the mailing lists for the
> commit fest of September, so as we could have this feature in v16~.

Thanks!

--Jacob

[1] https://datatracker.ietf.org/doc/html/rfc9266#section-4.2
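The gate suggested above, as an added example that is not part of the original message and not PostgreSQL or OpenSSL code: it refuses to hand out tls-exporter data unless the extended master secret was negotiated, then derives the binding the way RFC 5705 defines the exporter for TLS 1.2. The function names, the SHA-256 PRF choice and the sample secrets are assumptions made for illustration; `extms` stands in for the SSL_get_extms_support() result.

```python
import hashlib
import hmac

# Parameters RFC 9266 fixes for the "tls-exporter" binding.
LABEL = b"EXPORTER-Channel-Binding"
CONTEXT = b""        # zero-length context value
BINDING_LEN = 32     # bytes of exported keying material

# Constructed sample values, not taken from any real connection.
MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32


def p_hash(secret, seed, length, hash_name="sha256"):
    """P_hash expansion from RFC 5246 section 5 (core of the TLS 1.2 PRF)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(A(i) + seed)
    return out[:length]


def tls12_exporter(master_secret, client_random, server_random):
    """RFC 5705 exporter with a context value present but empty."""
    seed = (LABEL + client_random + server_random
            + len(CONTEXT).to_bytes(2, "big") + CONTEXT)
    return p_hash(master_secret, seed, BINDING_LEN)


def tls12_channel_binding(extms, master_secret, client_random, server_random):
    """Return tls-exporter data for a TLS 1.2 connection, or refuse.

    extms mirrors SSL_get_extms_support(): 1 = extended master secret
    negotiated, 0 = not negotiated, -1 = handshake still in progress.
    Anything other than 1 means the binding must not be offered.
    """
    if extms != 1:
        raise ValueError("tls-exporter refused: extended master secret "
                         "not negotiated (extms=%d)" % extms)
    return tls12_exporter(master_secret, client_random, server_random)


if __name__ == "__main__":
    cb = tls12_channel_binding(1, MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("tls-exporter:", cb.hex())
```

In a real server the same gate sits in front of OpenSSL's SSL_export_keying_material(), which performs this derivation from the connection's own secrets.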