Re: SSL/TLS support (Was: Re: 7.3.1 stamped)

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>,"scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>,Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL/TLS support (Was: Re: 7.3.1 stamped)
Date: 2002-12-28 21:15:48
Message-ID: 3E0E1484.7080006@coyotesong.com
Lists: pgsql-hackers
Bruce Momjian wrote:
> Marc G. Fournier wrote:
> 
>>>>My suggestion would be to eventually phase out ssl2 in favor of ssl3 or
>>>>tls.  And, as we are phasing it out, make it an opt-in thing, where the
>>>>dba has to turn on ssl2 KNOWING he is turning on a flawed protocol.
>>>
>>>That was sort of my point --- if we allow SSLv2 in the server, are we
>>>open to any security problems?  Maybe not.  I just don't know.

There are some weaknesses in SSLv2 that were fixed in SSLv3, but 
it takes a knowledgeable attacker to exploit them.  Anyone who is 
seriously concerned can easily change the startup code in both 
client and server and migrate to TLSv1.  We kept the current 
approach solely for backward compatibility.

Bear