Discussion: Deprecated openssl command option in documentation

Deprecated openssl command option in documentation

From
PG Doc comments form
Date:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/17/ssl-tcp.html
Description:

Hi
In the documentation at https://www.postgresql.org/docs/17/ssl-tcp.html, it
says, in 18.9.5. Creating Certificates:
```
To create a simple self-signed certificate for the server, valid for 365
days, use the following OpenSSL command, replacing dbhost.yourdomain.com
with the server's host name:
openssl req -new -x509 -days 365 -nodes -text -out server.crt \
  -keyout server.key -subj "/CN=dbhost.yourdomain.com"
```
However, on Ubuntu, running "openssl req --help" shows the following:
```
Output options:
...
 -noenc                Don't encrypt private keys
 -nodes                Don't encrypt private keys; deprecated
```
Therefore, I suggest you replace the "-nodes" switch in the command example
with "-noenc".
Ubuntu version:
```
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

Re: Deprecated openssl command option in documentation

From
Daniel Gustafsson
Date:
> On 18 Jun 2025, at 13:24, PG Doc comments form <noreply@postgresql.org> wrote:

> -noenc                Don't encrypt private keys
> -nodes                Don't encrypt private keys; deprecated
> ```
> Therefore, I suggest you replace the "-nodes" switch in the command example
> with "-noenc".

Thanks for your report!

The noenc option, and subsequent deprecation notice on nodes, came in OpenSSL
3.0 but PostgreSQL still supports OpenSSL 1.1.1.  nodes is still available in
the recent 3.5 version so sticking with it is the safe option for us (until we
deprecate 1.1.1 support, which is a fair bit into the future).

--
Daniel Gustafsson
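
For scripts that have to run against both OpenSSL 1.1.1 and 3.x, the flag discussed in this thread can be picked from the output of `openssl version`. This is an added example, not part of the thread or of the PostgreSQL documentation; the function names `noenc_flag` and `make_selfsigned` are hypothetical, and falling back to `-nodes` for any build that does not identify as OpenSSL 3 or later is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the thread): choose between -nodes and -noenc.

# noenc_flag VERSION_STRING
# Prints -noenc for OpenSSL 3.0 and later, -nodes for everything else
# (OpenSSL 1.1.1, or a build that does not report itself as "OpenSSL N...").
noenc_flag() {
    case "$1" in
        "OpenSSL "[0-9]*)
            ver=${1#OpenSSL }        # e.g. "3.0.2 15 Mar 2022"
            major=${ver%%.*}         # e.g. "3"
            case "$major" in
                ''|*[!0-9]*) echo "-nodes" ;;   # unparsable: stay conservative
                *)  if [ "$major" -ge 3 ]; then
                        echo "-noenc"
                    else
                        echo "-nodes"
                    fi ;;
            esac ;;
        *)  echo "-nodes" ;;
    esac
}

# make_selfsigned CN [DAYS]
# Runs the documentation's command with the flag matching the installed
# openssl, writing server.crt and server.key into the current directory.
make_selfsigned() {
    cn=$1
    days=${2:-365}
    flag=$(noenc_flag "$(openssl version)")
    (
        # The private key is written unencrypted, so create it owner-only.
        umask 077
        openssl req -new -x509 -days "$days" "$flag" -text \
            -out server.crt -keyout server.key -subj "/CN=$cn"
    )
    # The server rejects a key file with more liberal permissions than this.
    chmod og-rwx server.key
}

# Usage, with the documentation's placeholder host name:
#   make_selfsigned dbhost.yourdomain.com
```

Either flag produces the same unencrypted key, so file permissions on `server.key` are the only protection it has.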