Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Use EVP API pgcrypto encryption, dropping support for OpenSSL 0.9.6 and older
Date: 2015-10-05 15:37:48
Message-ID: 20151005153748.GE8531@alvherre.pgsql
Lists: pgsql-hackers

Andres Freund wrote:

> But more seriously: Given the upstream support policies from
> https://www.openssl.org/policies/releasestrat.html :
> "
> Support for version 0.9.8 will cease on 2015-12-31. No further releases of 0.9.8 will be made after that date. Security fixes only will be applied to 0.9.8 until then.
> Support for version 1.0.0 will cease on 2015-12-31. No further releases of 1.0.0 will be made after that date. Security fixes only will be applied to 1.0.0 until then.
>
> We may designate a release as a Long Term Support (LTS) release. LTS
> releases will be supported for at least five years and we will specify
> one at least every four years. Non-LTS releases will be supported for at
> least two years.
> "
> and the amount of security fixes regularly required for openssl, I don't
> think we'd do anybody a favor by trying to continue supporting older
> versions for a long while.
>
> Note that openssl's security releases are denoted by a letter after the
> numeric version, not by the last digit. 0.9.7 was released 30 Dec 2002.

Yeah. Last of the 0.9.7 line (0.9.7m) was in 2007:

commit 10626fac1569ea37839c37b105681cd08dbe6658
Author: cvs2svn <cvs2svn>
AuthorDate: Fri Feb 23 12:49:10 2007 +0000
CommitDate: Fri Feb 23 12:49:10 2007 +0000

This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_7m'.

Current 0.9.8 is 0.9.8zg, in June this year:

commit 0823ddc56e9aaa1de6c4f57bb45457d5eeca404d
Author: Matt Caswell <matt(at)openssl(dot)org>
AuthorDate: Thu Jun 11 15:20:22 2015 +0100
CommitDate: Thu Jun 11 15:20:22 2015 +0100

Prepare for 0.9.8zg release

Reviewed-by: Stephen Henson <steve(at)openssl(dot)org>

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
