Re: 7.3.1 stamped

Marc G. Fournier wrote:
> > My question is whether it is safe to be making this change in a minor
> > release?  Does it work with 7.3 to 7.3.1 combinations?  My other
> > question is, if SSLv2 isn't secure, couldn't a client say they only
> > support SSLv2, and hence break into the server?  That was my original
> > hesitancy, that and the fact Bear the SSL guy didn't want it.
> 
> Wow, which part of "A TLS/SSL connection established with these methods
> will understand the SSLv2, SSLv3, and TLSv1 protocol" are you finiding
> particularly confusing?  As nate explained to you, and the man page
> section I commited states, TLSv1_method *only* supports TLS connections
> ... SSLv23_method supports SSLv2, v3 and TLSv1 ...
> 
> As for 'break into the server" ... ummm ... isn't that what pg_hba.conf is
> for?  I don't know about servers you run, but I don't let just anyone
> connect to my server, and, in fact, close down the databases themsleves to
> specific users ... if you don't trust the client, why are you giving him
> accss to your data, regardless of the protocol being used to encrypt the
> sessino??

I wasn't sure how insecure SSL2 was, and whether it allowed you to
authenticate without a password or something.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073