| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
| Cc: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: 7.3.1 stamped |
| Date: | 2002-12-18 21:28:13 |
| Message-ID: | 200212182128.gBILSDJ18421@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
scott.marlowe wrote:
> > I wasn't sure how insecure SSL2 was, and whether it allowed you to
> > authenticate without a password or something.
>
> SSL2 seems to get a lot of votes for being broken in ways that cannot be
> fixed because they aren't simple buffer overflows. see:
>
> http://www.lne.com/ericm/papers/ssl_servers.html#1.2
>
> My suggestion would be to eventually phase out ssl2 in favor of ssl3 or
> tls. And, as we are phasing it out, make it an opt-in thing, where the
> dba has to turn on ssl2 KNOWING he is turning on a flawed protocol.
That was sort of my point --- if we allow SSLv2 in the server, are we
open to any security problems? Maybe not. I just don't know.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2002-12-18 23:24:20 | Re: MySQL 4.1 Features |
| Previous Message | Bruce Momjian | 2002-12-18 21:25:23 | Re: v7.3.1 tar ready ... please check it ... |