Daniel Gustafsson <daniel@yesql.se> writes:
> SSL_R_UNKNOWN_PROTOCOL seem to covers cases when someone manages to perform
> something which OpenSSL believes is a broken SSLv2 connection, but their own
> client-level code use it to refer to SSL as well as TLS. Maybe it's worth
> adding as a belts and suspenders type thing?
No objection on my part.
> Is this targeting v13 or v14? In case of the former, the release notes entry
> for raising the default minimum version should perhaps be tweaked as it now
> just refers to the GUC which is a tad misleading.
I think Peter is proposing that we change this in v13. I didn't look
at the release notes; usually we cover this sort of thing in-bulk
when we update the release notes later in beta.
> If anything it might useful to document in the comment that we're only
> concerned with TLS versions, SSL2/3 are disabled in the library initialization.
Good point.
regards, tom lane