On 2020-09-18 16:11, Daniel Gustafsson wrote:
Since we support ciphers that are now deprecated, we have no other choice than to load the legacy provider.
Well, we could just have deprecated ciphers fail, unless the user loads the legacy provider in the OS configuration. There might be an argument that that is more proper.
As a more extreme analogy, what if OpenSSL remove a cipher from the legacy provider? Are we then obliged to reimplement it manually for the purpose of pgcrypto? Probably not.
The code you wrote to load the necessary providers is small enough that I think it's fine, but it's worth pondering this question briefly.
-- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
