| From: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
|---|---|
| To: | Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: 7.3.1 stamped |
| Date: | 2002-12-18 13:37:15 |
| Message-ID: | 20021218093506.G63985-100000@hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 17 Dec 2002, Nathan Mueller wrote:
> > Well, we break backward compatibility so people can't use SSL2 to
> > connect to the server. Backward compatibility to a broken protocol
> > isn't what I would call secure. Is that accurate?
>
> I suppose. As long as the incompatibilty is mentioned in HISTORY I'm
> fine.
I read the SSL_CTX_new man page, and they recommend using SSLv23_method to
provide backwards compatibility ... if someone doesn't wan tto use SSL2,
they have the option to use TLS, but we shouldn't be forcigin them to use
one or the othe r...
I have made the change and am just building v7.3.1 right now ... should be
available in a few minutes, and I'll announce it this evening as being
available ... can you grab a copy and make sure that it works as expected?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-12-18 14:18:00 | v7.3.1 tar ready ... please check it ... |
| Previous Message | Michael Poole | 2002-12-18 13:36:47 | Re: SourceForge policy on http://sourceforge.net/tos/tos.php |