pgsql: Back-patch libpq support for TLS versions beyond v1.
From | Tom Lane |
---|---|
Subject | pgsql: Back-patch libpq support for TLS versions beyond v1. |
Date | |
Msg-id | E1Yvb2W-0007dz-NP@gemulon.postgresql.org |
List | pgsql-committers |
Back-patch libpq support for TLS versions beyond v1.

Since 7.3.2, libpq has been coded in such a way that the only SSL protocol it would allow was TLS v1. That approach is looking increasingly obsolete. In commit 820f08cabdcbb899 we fixed it to allow TLS >= v1, but did not back-patch the change at the time, partly out of caution and partly because the question was confused by a contemporary server-side change to reject the now-obsolete SSL protocol v3.

9.4 has now been out long enough that it seems safe to assume the change is OK; hence, back-patch into 9.0-9.3. (I also chose to back-patch some relevant comments added by commit 326e1d73c476a0b5, but did *not* change the server behavior; hence, pre-9.4 servers will continue to allow SSL v3, even though no remotely modern client will request it.)

Per gripe from Jan Bilek.

Branch
------
REL9_1_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/2c2c5f0e02b58d225385f5008fb797a90935cb06

Modified Files
--------------
src/backend/libpq/be-secure.c | 7 +++++++
src/interfaces/libpq/fe-secure.c | 11 ++++++++++-
2 files changed, 17 insertions(+), 1 deletion(-)