Home > mailing lists

Re: Support tls-exporter as channel binding for TLSv1.3 - Mailing list pgsql-hackers

From	Jacob Champion
Subject	Re: Support tls-exporter as channel binding for TLSv1.3
Date	October 13, 2022 20:30:37
Msg-id	CAAWbhmiOMM4L5n_HTi=_c4Jf2JsBV=XDhYPOfuSpqOyT+7f-Mw@mail.gmail.com Whole thread Raw
In response to	Re: Support tls-exporter as channel binding for TLSv1.3 (Michael Paquier <michael@paquier.xyz>)
Responses	Re: Support tls-exporter as channel binding for TLSv1.3 (Michael Paquier <michael@paquier.xyz>)
List	pgsql-hackers

Tree view

On Wed, Oct 12, 2022 at 11:01 PM Michael Paquier <michael@paquier.xyz> wrote:
> One thing that would reduce the complexity of the equation is
> to drop support for tls-server-end-point in the backend in PG >= 16 as
> the versions of OpenSSL we still support on HEAD would cover
> completely tls-exporter.

Is the intent to backport tls-exporter client support? Or is the
compatibility break otherwise acceptable?

It seemed like there was also some general interest in proxy TLS
termination (see also the PROXY effort, though it has stalled a bit).
For that, I would think tls-server-end-point is an important feature.

--Jacob

pgsql-hackers by date:

From: Melanie Plageman
Date: 13 October 2022, 20:29:32
Subject: Re: pg_stat_bgwriter.buffers_backend is pretty meaningless (and more?)

From: Nathan Bossart
Date: 13 October 2022, 20:45:06
Subject: Re: Suppressing useless wakeups in walreceiver

Re: Support tls-exporter as channel binding for TLSv1.3 - Mailing list pgsql-hackers

Previous

Next