Quick Links

Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc:	Michael Paquier <michael(at)paquier(dot)xyz>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, sfackler(at)gmail(dot)com, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject:	Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1
Date:	2018-06-06 16:49:25
Message-ID:	12768.1528303765@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> If SCRAM channel binding is an important aspect to security, and the
> older OpenSSL versions will still be around in servers for some time
> yet, it seems like it behooves us to go the extra mile and provide an
> implementation that works with such existing servers. Looking at
> yum.postgresql.org, we seem to offer Postgres 11 packages for RHEL 6,
> which appears to have openssl 1.0.0.

Not sure if the difference is relevant here, but an up-to-date RHEL6
installation contains 1.0.1e:

$ rpm -q openssl
openssl-1.0.1e-57.el6.x86_64
openssl-1.0.1e-57.el6.i686

regards, tom lane

In response to

Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1 at 2018-06-06 16:37:00 from Alvaro Herrera

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2018-06-06 17:06:24	Re: processSQLNamePattern() analog
Previous Message	Andrew Dunstan	2018-06-06 16:40:40	Re: commitfest 2018-07