> On 9 Sep 2024, at 16:48, Tom Lane <t...@sss.pgh.pa.us> wrote:
> 
> Daniel Gustafsson <dan...@yesql.se> writes:
>> The patchset in https://commitfest.postgresql.org/49/5025/ which adds support
>> for configuring cipher suites in TLS 1.3 handshakes requires an API available in
>> OpenSSL 1.1.1 and onwards.  With that as motivation I'd like to propose that we
>> remove support for OpenSSL 1.1.0 and set the minimum required version to 1.1.1.
>> OpenSSL 1.1.0 was EOL in September 2019 and was never an LTS version, so it's
>> not packaged in anything anymore AFAICT and should be very rare in production
>> use in conjunction with an updated postgres.  1.1.1 LTS will be 2 years EOL by
>> the time v18 ships so I doubt this will be all that controversial.
> 
> Yeah ... the alternative would be to conditionally compile the new
> functionality.  That doesn't seem like a productive use of developer
> time if it's supporting just one version that should be extinct in
> the wild by now.

Agreed.  OpenSSL 1.1.1 is a very different story and I suspect we'll be stuck on
that level for some time, but 1.1.0 is gone from production use.

--
Daniel Gustafsson


