Greetings,

* Andres Freund (andres@anarazel.de) wrote:
> On 2018-11-29 16:34:13 -0500, Tom Lane wrote:
> > Yeah, I was disappointed too. OpenSSL has had a squirrelly enough track
> > record that it'd be nice not to be totally dependent on it.
>
> GnuTLS seems, if anything, worse though. There's obviously good reasons
> to add support for TLS libraries that make it easier to use PG on
> certain platforms, but GnuTLS doesn't achieve that. So I don't think
> this is too sad.

There are very good reasons to give our users the option of different
TLS libraries, even if it's platforms where OpenSSL is also available,
for the reason Tom mentioned- OpenSSL hasn't had a terribly good track
record, and because there's been independent evaluation of different
libraries and OpenSSL doesn't top the list in those.

As such, I do believe it'd be good to have support for multiple
libraries, even on Linux or other platforms where OpenSSL is available.

Thanks!

Stephen