From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us> |
Subject: | Re: SCRAM with channel binding downgrade attack |
Date: | 2018-06-29 01:37:55 |
Message-ID: | 20180629013755.GC2965@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-www |
On Thu, Jun 28, 2018 at 10:05:23AM +0200, Peter Eisentraut wrote:
> But before we drop the SCRAM business completely off the open items, I
> think we need to consider how TLS 1.3 affects this.
The set of APIs that we use to the SSL abstraction layer is very
internal, so it would not be an issue if we add some in stable branches,
no? My point is that from OpenSSL point of view, TLS 1.3 stuff has been
added in 1.1.1 which is now in beta 6 stage, so we could consider as
well all this part once OpenSSL is released. That's compatibility work
I wanted to work on anyway. Impossible to say down to which versions of
Postgres things could be applied easily though without a deep
investigation of the new compatibility breakages that upstream OpenSSL
has very-likely introduced in upstream.
Still it does not sound completely strange either to me to wait for
OpenSSL to release as we won't be able to have a full solution designed
before that.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2018-06-29 02:16:01 | Re: SCRAM with channel binding downgrade attack |
Previous Message | Amit Langote | 2018-06-29 01:28:13 | Re: Listing triggers in partitions (was Re: Remove mention in docs that foreign keys on partitioned tables) |
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2018-06-29 02:16:01 | Re: SCRAM with channel binding downgrade attack |
Previous Message | Bruce Momjian | 2018-06-28 12:51:47 | Re: SCRAM with channel binding downgrade attack |