| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, pgsql-hackers(at)postgreSQL(dot)org, Wim Lewis <wiml(at)omnigroup(dot)com>, Jeffrey Walton <noloader(at)gmail(dot)com> |
| Subject: | Re: [COMMITTERS] pgsql: libpq: Support TLS versions beyond TLSv1. |
| Date: | 2014-01-31 18:24:39 |
| Message-ID: | 20140131182439.GD24651@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Sat, Jan 25, 2014 at 12:25:30PM -0500, Tom Lane wrote:
> Alternatively, given that TLS has been around for a dozen years and
> openssl versions that old have not gotten security updates for a long
> time, why don't we just reject SSLv3 on the backend side too?
> I guess it's barely possible that somebody out there is using a
> non-libpq-based client that uses a non-TLS-capable SSL library, but
> surely anybody like that is overdue to move into the 21st century.
> An SSL library that old is probably riddled with security issues.
Attached patch disables SSLv3 in backend.
TLS is supported in OpenSSL since fork from SSLeay, in Java since 1.4.2,
in Windows since XP. It's hard to imagine this causing any
compatibility problems.
--
marko
| Attachment | Content-Type | Size |
|---|---|---|
| disable-ssl3.diff | text/x-diff | 670 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2014-01-31 18:35:57 | pgsql: pgindent: add --list-of-typedefs option |
| Previous Message | Fujii Masao | 2014-01-31 16:47:20 | pgsql: Add tab completion for ALTER TABLESPACE MOVE in psql. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2014-01-31 18:37:24 | Re: pgindent wishlist item |
| Previous Message | Josh Berkus | 2014-01-31 18:17:37 | Re: Regarding google summer of code |