Ehtesham Pradhan <ehtesham.pradhan@lookout.com> writes: > Our client is using Version : PostgreSQL 9.6.17 , they have done vulnerability > assessment and found that :
> - TLS version 1.0 Protocol detection > - The remote service encrypt traffic with older version of TLS
This is mostly a matter of whether the OpenSSL libraries being used on both ends are up-to-date. If you were using PG 12 or later you could set the server parameter ssl_min_protocol_version to enforce whatever policy you want about minimum TLS version. But in 9.6.x it's going to be strictly a matter of what OpenSSL wants to do. Check the system-wide OpenSSL configuration on each end, and update OpenSSL if necessary. At least with reasonably modern OpenSSL, you should be able to enforce a minimum TLS version in OpenSSL's config (see MinProtocol).
