Robert Haas <robertmhaas@gmail.com> writes:
> ... However, it would be worth putting in some
> effort to make sure that we give a good error message if this happens.
That's an excellent point, but it looks like we're pretty good
already. I tried the patch with openssl 0.9.8x, and got this
failure at server start:
FATAL: ssl_min_protocol_version setting TLSv1.2 not supported by this build
Maybe it'd be worth extending that to show the max supported
version, with some rats-nest of #ifdefs, but I'm not sure if
it's worth the trouble.
regards, tom lane