Re: Update minimum SSL version

On 2019-12-03 12:44, Magnus Hagander wrote:
> On Tue, Dec 3, 2019 at 12:09 PM Michael Paquier <michael@paquier.xyz 
> <mailto:michael@paquier.xyz>> wrote:
> 
>     On Tue, Dec 03, 2019 at 10:10:57AM +0100, Magnus Hagander wrote:
>      > Is 1.0.1 considered a separate major from 1.0.0, in this
>     reasoning? Because
>      > while retiring 1.0.0 should probably not be that terrible, 1.0.1
>     is still
>      > in very widespread use on most long term supported distributions.
> 
>     1.0.1 and 1.0.0 are two different major releases in the OpenSSL world,
>     so my suggestion would be to cut support for everything which does not
>     have TLSv1.2, meaning that we keep compatibility with 1.0.1 for
>     a longer period.
> 
> 
> Good, that's what I thought you meant :) And that makes it sound like a 
> working plan to me.

This would mean we'd stop support for RHEL 5, which is probably OK, 
seeing that even the super-extended support ends in November 2020.

Dropping RHEL 5 would also allow us to drop support for Python 2.4, 
which is something I've been itching to do. ;-)

In both of these cases, maintaining support for all these ancient 
versions is a significant burden IMO, so it would be good to clean up 
the tail end a bit.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services