> I believe that pre7-3 SSL clients will work in 7.3.1, or am I wrong?
In 7.3 the SSL protocol switched from SSLv2 to TLSv1. If the server
method is switched to SSLv23_method it will be backwords compatable with
pre-7.3 clients without sacrificing the added security of TLSv1 for
newer stuff. There's been a lot of other changes to the SSL code between
7.2 and 7.3, but I've tested this out and haven't found any problems.
I've included a patch to src/backend/libpq/be-secure.c if you're
interested.
--Nate
--- be-secure.c 13 Dec 2002 18:06:44 -0000 1.3
+++ be-secure.c 18 Dec 2002 04:16:19 -0000
@@ -587,7 +587,7 @@ { SSL_library_init(); SSL_load_error_strings();
- SSL_context = SSL_CTX_new(TLSv1_method());
+ SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) {
postmaster_error("failed to create SSL context: %s",