| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Update minimum SSL version |
| Date: | 2019-12-03 09:10:57 |
| Message-ID: | CABUevEyNhpHpH3UCxJ8B5nm9dHtxQStj8=yVu+BWYNd84AoQ0g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Dec 3, 2019 at 4:53 AM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Mon, Dec 02, 2019 at 12:51:26PM -0500, Tom Lane wrote:
> > Yah. Although, looking at the code in be-secure-openssl.c,
> > it doesn't look that hard to do in an extensible way.
> > Something like (untested)
>
> While we are on the topic... Here is another wild idea. We discussed
> not so long ago about removing support for OpenSSL 0.9.8 from the
> tree. What if we removed support for 1.0.0 and 0.9.8 for 13~. This
> would solve a couple of compatibility headaches, and we have TLSv1.2
> support automatically for all the versions supported. Note that 1.0.0
> has been retired by upstream in February 2014.
>
Is 1.0.1 considered a separate major from 1.0.0, in this reasoning? Because
while retiring 1.0.0 should probably not be that terrible, 1.0.1 is still
in very widespread use on most long term supported distributions.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexey Kondratov | 2019-12-03 09:41:13 | Re: [Patch] pg_rewind: options to use restore_command from recovery.conf or command line |
| Previous Message | Amit Kapila | 2019-12-03 09:03:54 | Re: [HACKERS] Block level parallel vacuum |