> On 24 Jun 2020, at 10:46, Magnus Hagander <mag...@hagander.net> wrote:
> It might also be worth noting that it's not really "any protocol version", it > means it will be "whatever the openssl configuration says", I think? For > example, debian buster sets: > > [system_default_sect] > MinProtocol = TLSv1.2 > > Which I believe means that if your libpq app is running on debian buster, it > will be min v1.2 already Correct, that being said I'm not sure how common it is for distributions to set a default protocol version. The macOS versions I have handy doesn't enforce a default version, nor does Ubuntu 20.04, FreeBSD 12 or OpenBSD 6.5 AFAICT. > (and it would likely be more useful to use ssl_min_protocol_version to > *lower* that when connecting to older servers). That is indeed one use-case for the connection parameter. cheers ./daniel
