On 04/11/2018 04:24, Steve Singer wrote:
> The feature seems useful a lot of application servers are implementing
> minimal TLS protocol versions.
> I don't see a way to restrict libpq to only connect with certain protocol
> versions. Maybe that is a separate patch but it would make this feature
On Mon, Nov 05, 2018 at 03:01:58PM -0500, Robert Haas wrote:
> +1. Maybe it would make sense to spell 'any' as the empty string.
> Intuitively, it makes more sense to me to think about there being no
> maximum than to think about the maximum being anything.
I have looked at the code a bit yesterd
On Monday, November 5, 2018, David Fetter wrote:
> On Mon, Nov 05, 2018 at 03:01:58PM -0500, Robert Haas wrote:
> > On Mon, Oct 1, 2018 at 4:21 PM Peter Eisentraut
> > wrote:
> > >
> > > Attached is a patch that implements this. For example:
> > >
> > > ssl_min_protocol_version = 'TLSv1'
>
On Mon, Nov 05, 2018 at 03:01:58PM -0500, Robert Haas wrote:
> On Mon, Oct 1, 2018 at 4:21 PM Peter Eisentraut
> wrote:
> > There have been some requests to be able to select the TLS versions
> > PostgreSQL is using. We currently only hardcode that SSLv2 and SSLv3
> > are disabled, but there is a
On Mon, Oct 1, 2018 at 4:21 PM Peter Eisentraut
wrote:
> There have been some requests to be able to select the TLS versions
> PostgreSQL is using. We currently only hardcode that SSLv2 and SSLv3
> are disabled, but there is also some interest now in disabling TLSv1.0
> and TLSv1.1. Also, I've h
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: not tested
Documentation:tested, passed
I've reviewed the patch and here are my comments.
The feature se
> On 2 Oct 2018, at 14:23, Peter Eisentraut
> wrote:
>
> On 01/10/2018 23:30, Daniel Gustafsson wrote:
>>> ssl_min_protocol_version = 'TLSv1'
>>> ssl_max_protocol_version = ‘any'
>>
>> I don’t think ‘any’ is a clear name for a setting which means “the highest
>> supported version”. How abo
On 01/10/2018 23:30, Daniel Gustafsson wrote:
>>ssl_min_protocol_version = 'TLSv1'
>>ssl_max_protocol_version = ‘any'
>
> I don’t think ‘any’ is a clear name for a setting which means “the highest
> supported version”. How about ‘max_supported’ or something similar?
I can see the argumen
> On 1 Oct 2018, at 22:21, Peter Eisentraut
> wrote:
>
> There have been some requests to be able to select the TLS versions
> PostgreSQL is using. We currently only hardcode that SSLv2 and SSLv3
> are disabled, but there is also some interest now in disabling TLSv1.0
> and TLSv1.1. Also, I've
24x7 Support, Remote DBA, Training & Services
From 768ccf861b6904baa25a601a09c5e440f3f62cca Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Mon, 1 Oct 2018 21:43:30 +0200
Subject: [PATCH] Add settings to control SSL/TLS protocol version
For example:
ssl_min_protocol_version = 'T
10 matches
Mail list logo