> On 24 Jun 2020, at 08:39, Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote:
>
> In PG13, we raised the server-side default of ssl_min_protocol_version to
> TLSv1.2. We also added a connection setting named ssl_min_protocol_version
> to libpq. But AFAICT, the default value of the libpq setting is empty, so
> any protocol version will be accepted. Is this what we wanted? Should we
> raise the default in libpq as well?

This was discussed [0] when the connection settings were introduced, and the consensus was to leave them alone [1] to allow, for example, a new pg_dump to work against an old server. Re-reading the thread I think the argument still holds, but I was about to respond "yes, let's do this" before refreshing my memory.

Perhaps we should add a comment explaining this along the lines of the attached?

cheers ./daniel

[0] https://www.postgresql.org/message-id/157800160408.1198.1714906047977693148.pgcf%40coridan.postgresql.org

[1] https://www.postgresql.org/message-id/31993.1578321474%40sss.pgh.pa.us

libpq_minmaxproto_doc.diff
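
An added example, not part of the original message or of PostgreSQL's code: a small Python check that flags libpq keyword/value connection strings which leave ssl_min_protocol_version unset, the case the message above describes as accepting any protocol version. The function names, the TLSv1.2 floor and the sample strings are constructed for illustration; the parser is simplified and does not handle connection URIs.

```python
import re

# Protocol names accepted by ssl_min_protocol_version, weakest first.
TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# keyword = value, where value is bare or single-quoted with backslash escapes.
_PAIR = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|[^\s']*)")


def parse_conninfo(conninfo):
    """Parse a libpq keyword/value string into a dict (simplified, no URIs)."""
    params = {}
    for key, value in _PAIR.findall(conninfo):
        if value.startswith("'"):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        params[key] = value
    return params


def effective_min_protocol(conninfo, env):
    """The connection parameter wins over PGSSLMINPROTOCOLVERSION; '' is unset."""
    params = parse_conninfo(conninfo)
    if "ssl_min_protocol_version" in params:
        return params["ssl_min_protocol_version"]
    return env.get("PGSSLMINPROTOCOLVERSION", "")


def audit(conninfo, env=None, floor="TLSv1.2"):
    """Classify one connection string against the required floor (assumed policy)."""
    value = effective_min_protocol(conninfo, env or {})
    if value == "":
        return "unpinned"      # default discussed in the thread: no client-side floor
    if value not in TLS_ORDER:
        return "invalid"
    if TLS_ORDER.index(value) < TLS_ORDER.index(floor):
        return "below-floor"
    return "ok"


# Constructed sample connection strings.
SAMPLES = [
    "host=db.example.internal dbname=app sslmode=verify-full",
    "host=db.example.internal sslmode=require ssl_min_protocol_version=TLSv1",
    "host = 'db.example.internal' ssl_min_protocol_version = 'TLSv1.2'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{audit(s):12} {s}")
```
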