On 04/16/2017 03:14 AM, Tom Lane wrote:
> 1. Back-patch that patch, probably also including the followup adjustments
> in 86029b31e and 36a3be654.
>
> 2. Add #if's to use 31cf1a1a4's coding with OpenSSL >= 1.1, while keeping
> the older code for use when built against older OpenSSLs.
>
> 3. Conditionally disable renegotiation altogether with OpenSSL >= 1.1,
> thus adopting 9.5 not 9.4 behavior when using newer OpenSSL.
>
> [...]
>
> Thoughts?
Given that I cannot recall seeing any complaints about the behavior of
9.4 compared to 9.3 I am leaning towards #1. That way there are fewer
different versions of our OpenSSL code.
Andreas