Re: Update minimum SSL version - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Update minimum SSL version
Date
Msg-id CABUevEyNhpHpH3UCxJ8B5nm9dHtxQStj8=yVu+BWYNd84AoQ0g@mail.gmail.com
Whole thread Raw
In response to Re: Update minimum SSL version  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Update minimum SSL version
List pgsql-hackers
On Tue, Dec 3, 2019 at 4:53 AM Michael Paquier <michael@paquier.xyz> wrote:
On Mon, Dec 02, 2019 at 12:51:26PM -0500, Tom Lane wrote:
> Yah.  Although, looking at the code in be-secure-openssl.c,
> it doesn't look that hard to do in an extensible way.
> Something like (untested)

While we are on the topic...  Here is another wild idea.  We discussed
not so long ago about removing support for OpenSSL 0.9.8 from the
tree.  What if we removed support for 1.0.0 and 0.9.8 for 13~.  This
would solve a couple of compatibility headaches, and we have TLSv1.2
support automatically for all the versions supported.  Note that 1.0.0
has been retired by upstream in February 2014.

Is 1.0.1 considered a separate major from 1.0.0, in this reasoning? Because while retiring 1.0.0 should probably not be that terrible, 1.0.1 is still in very widespread use on most long term supported distributions.

--

pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: [HACKERS] Block level parallel vacuum
Next
From: Alexey Kondratov
Date:
Subject: Re: [Patch] pg_rewind: options to use restore_command fromrecovery.conf or command line