On 22/05/15 10:45, Tom Lane wrote:
I wrote:
I think this was probably a mistake. I suggest that in the back branches
we should leave the server alone (rejecting SSL v3 might annoy somebody
using old non-libpq clients) but adjust libpq to use SSLv23_method() plus
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3. IOW, back-patch 820f08cabdcbb899,
though perhaps also the comment adjustments in 326e1d73c476a0b5.
This would have the effect of allowing libpq to use TLS-anything, not only
TLSv1 which is what it's been requiring since 7.3.2.
Done at
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c6b7b9a9cef1253ad12122959d0e78f62d8aee1f
This is too late for tomorrow's releases, but it will be in the next minor
releases --- or if you're in a hurry, you could apply that patch locally.
regards, tom lane
This is excellent! Thank you!
Kind Regards,
Jan
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
