From: | Jan Bilek <jan(dot)bilek(at)eftlab(dot)co(dot)uk> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Chris Dawes <chris(dot)dawes(at)eftlab(dot)co(dot)uk>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Postgres and TLSv1.2 |
Date: | 2015-05-22 00:49:39 |
Message-ID: | 555E7D23.8070201@eftlab.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 22/05/15 10:45, Tom Lane wrote:
> I wrote:
>> I think this was probably a mistake. I suggest that in the back branches
>> we should leave the server alone (rejecting SSL v3 might annoy somebody
>> using old non-libpq clients) but adjust libpq to use SSLv23_method() plus
>> SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3. IOW, back-patch 820f08cabdcbb899,
>> though perhaps also the comment adjustments in 326e1d73c476a0b5.
>> This would have the effect of allowing libpq to use TLS-anything, not only
>> TLSv1 which is what it's been requiring since 7.3.2.
> Done at
> http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c6b7b9a9cef1253ad12122959d0e78f62d8aee1f
>
> This is too late for tomorrow's releases, but it will be in the next minor
> releases --- or if you're in a hurry, you could apply that patch locally.
>
> regards, tom lane
This is excellent! Thank you!
Kind Regards,
Jan
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2015-05-22 00:51:57 | Re: Re: [COMMITTERS] pgsql: Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. |
Previous Message | Andres Freund | 2015-05-22 00:48:11 | Re: Re: [COMMITTERS] pgsql: Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. |