From a security audit point of view, also consider the fact that 9.6 is end-of-life in 3 months.
-Steve

On Fri, Aug 6, 2021 at 9:46 AM Tom Lane <t...@sss.pgh.pa.us> wrote:

> Ehtesham Pradhan <ehtesham.prad...@lookout.com> writes:
> > Our client is using Version : PostgreSQL 9.6.17 , they have done vulnerability
> > assessment and found that :
> >
> > - TLS version 1.0 Protocol detection
> > - The remote service encrypt traffic with older version of TLS
>
> This is mostly a matter of whether the OpenSSL libraries being used on
> both ends are up-to-date. If you were using PG 12 or later you could
> set the server parameter ssl_min_protocol_version to enforce whatever
> policy you want about minimum TLS version. But in 9.6.x it's going
> to be strictly a matter of what OpenSSL wants to do. Check the
> system-wide OpenSSL configuration on each end, and update OpenSSL
> if necessary. At least with reasonably modern OpenSSL, you should
> be able to enforce a minimum TLS version in OpenSSL's config
> (see MinProtocol).
>
> regards, tom lane
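
Added example, not part of the thread and not PostgreSQL or OpenSSL code: one way to act on the MinProtocol advice above is to resolve which MinProtocol an openssl.cnf actually applies, by following the openssl_conf, ssl_conf and system_default links, and to flag a value that is too low or is never reached. The TLSv1.2 threshold and the sample configs are assumptions constructed for illustration.

```python
import re

# TLS protocol names accepted by OpenSSL's MinProtocol, oldest first.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse_cnf(text):
    """Parse openssl.cnf text into {section: {key: value}}.
    Keys before the first [section] go under "default".
    Not handled: .include directives and $variable expansion."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def effective_min_protocol(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return MinProtocol or None."""
    s = parse_cnf(text)
    name = s["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key)
    return s.get(name, {}).get("MinProtocol")

def audit(text, required="TLSv1.2"):  # required: assumed policy, not from the thread
    found = effective_min_protocol(text)
    if found is None:
        return (False, "no MinProtocol reachable from openssl_conf")
    if found not in ORDER:
        return (False, "unrecognised MinProtocol %r" % found)
    return (ORDER.index(found) >= ORDER.index(required), "MinProtocol = " + found)

# Constructed sample configs (not taken from any real host).
HEAD = """openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
"""
WEAK = HEAD + "[system_default_sect]\nMinProtocol = TLSv1\n"
FIXED = HEAD + "[system_default_sect]\nMinProtocol = TLSv1.2\n"
# Failure mode: the setting exists but sits in a section nothing points to.
ORPHAN = HEAD + "[system_default_sect]\n[tls_policy]\nMinProtocol = TLSv1.2\n"

if __name__ == "__main__":
    for label, cnf in (("weak", WEAK), ("fixed", FIXED), ("orphan", ORPHAN)):
        print(label, audit(cnf))
```

Run it against the config file on both the server and the client host, since the thread notes that both ends matter.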