| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: should libpq also require TLSv1.2 by default? |
| Date: | 2020-06-26 13:19:43 |
| Message-ID: | 2339796.1593177583@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> On 26 Jun 2020, at 00:44, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> BTW, the server-side report of the problem looks like
>> LOG: could not accept SSL connection: wrong version number
> I can totally see some thinking that it's the psql version at client side which
> is referred to and not the TLS protocol version. Perhaps we should add a hint
> there as well?
Not sure. We can't fix it in the case we're mainly concerned about,
namely an out-of-support server version. At the same time, it's certainly
true that "version number" is way too under-specified in this context.
Maybe improving this against the day that TLSv2 exists would be smart.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2020-06-26 13:57:04 | pg_dump bug for extension owned tables |
| Previous Message | Robert Haas | 2020-06-26 12:46:41 | Re: [Patch] ALTER SYSTEM READ ONLY |