Re: Error-like LOG when connecting with SSL for password authentication

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Vaishnavi Prabakaran <vaishnaviprabakaran(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Error-like LOG when connecting with SSL for password authentication
Date: 2017-05-23 11:18:47
Message-ID: CAB7nPqT+9L2HekPT8xeJH2Xv3zXogePMwtq=BqrQs8J-RPzpAg@mail.gmail.com
Lists: pgsql-hackers

On Tue, May 23, 2017 at 6:36 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> On 05/22/2017 10:11 PM, Vaishnavi Prabakaran wrote:
>>
>> On Mon, May 22, 2017 at 5:10 PM, Michael Paquier
>> <michael(dot)paquier(at)gmail(dot)com>
>> wrote:
>>
>>> If the protocol version is SSL
>>> 3.0 or TLS 1.0, this result code is returned only if a closure alert
>>> has occurred in the protocol, i.e. if the connection has been closed
>>> cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does not
>>> necessarily indicate that the underlying transport has been closed.
>>
>>
>> I guess this error code exists even for the SSL2 protocol. In that case, don't
>> we need to keep the current code for this error code?
>
> If I understand correctly, with SSLv2, SSL_ERROR_ZERO_RETURN does mean that
> the underlying transport has been closed. Returning 0 seems appropriate in
> that case, too.

Am I reading the docs incorrectly then? I understand that with SSLv2
the transport may not be closed after SSL_ERROR_ZERO_RETURN.

> But the point is moot anyway, because PostgreSQL doesn't allow SSLv2
> anymore.

And SSL_OP_NO_SSLv2 is enforced anyway.

Side note: looking at the OpenSSL docs, I am just noticing that
SSLv23_method has been marked as deprecated in 1.1.0:
https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
And has been replaced by TLS_method. Something to keep in mind.
--
Michael
