> On 2 Oct 2018, at 14:23, Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote:
>
> On 01/10/2018 23:30, Daniel Gustafsson wrote:
>>> ssl_min_protocol_version = 'TLSv1'
>>> ssl_max_protocol_version = 'any'
>>
>> I don’t think ‘any’ is a clear name for a setting which means “the highest
>> supported version”. How about ‘max_supported’ or something similar?
>
> I can see the argument for an alternative, but your suggestion is a
> mouthful.

Agreed, but I can’t think of a better wording. Perhaps just ‘tls_max’?

>> +1 for using a min/max approach for setting the version, and it should be
>> trivial to add support for in the pending GnuTLS and Secure Transport
>> patches.
>
> AFAICT, in GnuTLS this is done via the "priorities" setting that also
> sets the ciphers. There is no separate API for just the TLS version.
> It would be interesting to see how Secure Transport can do it.

Secure Transport has a fairly neat API for this, SSLSetProtocolVersionMax() and
SSLSetProtocolVersionMin() (available since Lion).

cheers ./daniel
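
The min/max approach discussed in this thread, sketched with Python's standard `ssl` module as an added example; it is not code from the PostgreSQL patch or from any participant. The function names, the setting strings other than 'TLSv1' and 'any', and the choice to accept 'any' only as the maximum are assumptions of this example.

```python
import ssl

# Setting strings follow the thread's 'TLSv1' spelling; the entries beyond
# 'TLSv1' are assumed for this example, not taken from the thread.
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def parse_bound(value, allow_any):
    """Translate one setting string into an ssl.TLSVersion member."""
    if value == "any":
        if not allow_any:
            # Assumption of this example: 'any' is accepted only as the maximum.
            raise ValueError("'any' is only accepted as the maximum")
        # 'any' means "the highest version the TLS library supports".
        return ssl.TLSVersion.MAXIMUM_SUPPORTED
    if value not in VERSIONS:
        raise ValueError(f"unknown protocol version: {value!r}")
    return VERSIONS[value]


def apply_protocol_bounds(ctx, min_setting, max_setting):
    """Apply a min/max pair to an SSLContext and return what it now reports."""
    lo = parse_bound(min_setting, allow_any=False)
    hi = parse_bound(max_setting, allow_any=True)
    # MAXIMUM_SUPPORTED is a negative sentinel, so only compare concrete versions.
    if hi is not ssl.TLSVersion.MAXIMUM_SUPPORTED and lo > hi:
        # An inverted range would leave no protocol version to negotiate.
        raise ValueError(f"minimum {min_setting} is above maximum {max_setting}")
    ctx.minimum_version = lo
    ctx.maximum_version = hi
    return ctx.minimum_version, ctx.maximum_version


if __name__ == "__main__":
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print(apply_protocol_bounds(context, "TLSv1.2", "any"))
```
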