Marko Kreen <markokr@gmail.com> writes:
> On Sat, Jan 25, 2014 at 12:25:30PM -0500, Tom Lane wrote:
>> Alternatively, given that TLS has been around for a dozen years and
>> openssl versions that old have not gotten security updates for a long
>> time, why don't we just reject SSLv3 on the backend side too?
> Attached patch disables SSLv3 in backend.
> TLS is supported in OpenSSL since fork from SSLeay, in Java since 1.4.2,
> in Windows since XP. It's hard to imagine this causing any
> compatibility problems.
I didn't hear anyone objecting to this idea, so I'll go ahead and commit
this in HEAD.
regards, tom lane