| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older |
| Date: | 2015-10-05 15:16:05 |
| Message-ID: | 20151005151605.GC8531@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas wrote:
> In short, pgcrypto actually used to use the EVP functions, but was changed
> to *not* use them, because in older versions of OpenSSL, some key lengths
> and/or padding options that pgcrypto supports were not supported by the EVP
> API. That was fixed in OpenSSL 0.9.7, however. The consensus in 2007 was
> that we could drop support for OpenSSL 0.9.6 and below, so that should
> definitely be OK by now, if we haven't already done that elsewhere in the
> code.
I think we already effectively dropped support for < 0.9.7 with the
renegotiation fixes; see
https://www.postgresql.org/message-id/20130712203252.GH29206%40eldon.alvh.no-ip.org
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2015-10-05 15:27:40 | Re: Less than ideal error reporting in pg_stat_statements |
| Previous Message | Tom Lane | 2015-10-05 15:15:56 | Re: Less than ideal error reporting in pg_stat_statements |