Re: Allowing SSL connection of v11 client to v10 server with SCRAM channel binding

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Subject: Re: Allowing SSL connection of v11 client to v10 server with SCRAM channel binding
Date: 2017-11-20 05:04:37
Message-ID: 17915.1511154277@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> When trying to connect to a v11 client based on current HEAD to a v10
> server using SSL, then the connection would fail.

That's bad ...

> The attached patch,
> for REL_10_STABLE, allows a server to accept as well as input "eSws",
> which is a combination that can now happen. This way, a v10 server
> accepts connections from a v11 and newer client with SSL.

This is not an acceptable fix. We have to maintain the ability to connect
to unpatched older servers. If features added to HEAD have broken that,
either we fix those features to be backwards compatible, or we revert
them.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2017-11-20 05:57:15 Re: Allowing SSL connection of v11 client to v10 server with SCRAM channel binding
Previous Message 高增琦 2017-11-20 04:58:50 Re: no library dependency in Makefile?