Re: Update minimum SSL version
From | Peter Eisentraut |
---|---|
Subject | Re: Update minimum SSL version |
Date | |
Msg-id | ede00153-419e-c763-0401-838f0514b0c4@2ndquadrant.com |
In response to | Re: Update minimum SSL version (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |
On 2019-12-02 17:39, Tom Lane wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> ... However, it would be worth putting in some
>> effort to make sure that we give a good error message if this happens.
>
> That's an excellent point, but it looks like we're pretty good
> already. I tried the patch with openssl 0.9.8x, and got this
> failure at server start:
>
> FATAL: ssl_min_protocol_version setting TLSv1.2 not supported by this build

That's the easy part, since it's under our control.

The other situation is if you connect with an old library to a newer
server that has the raised ssl_min_protocol_version setting. Then you
get something like this:

psql: SSL error: tlsv1 alert protocol version

and on the server:

LOG: could not accept SSL connection: unsupported protocol

Not great, but usable.

(What actually happens due to the default of PGSSLMODE=prefer is that
psql/libpq will have the SSL connection attempt rejected and will
connect using a non-SSL connection.)

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
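
The fallback described in the closing parenthetical can be spotted from the server log. The following is an added example, not part of the original message or of PostgreSQL itself: it flags a non-SSL "connection authorized" that follows a rejected TLS handshake from the same host. It assumes `log_connections = on` and `log_line_prefix = '%m [%p] '`; the sample log is constructed and `find_plaintext_fallbacks` is a hypothetical name.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not from the original message). Assumes
# log_connections = on and log_line_prefix = '%m [%p] '.
SAMPLE_LOG = """\
2019-12-02 17:45:01.100 UTC [4001] LOG:  connection received: host=192.0.2.10 port=51000
2019-12-02 17:45:01.105 UTC [4001] LOG:  could not accept SSL connection: unsupported protocol
2019-12-02 17:45:01.120 UTC [4002] LOG:  connection received: host=192.0.2.10 port=51002
2019-12-02 17:45:01.130 UTC [4002] LOG:  connection authorized: user=app database=app
2019-12-02 17:45:02.000 UTC [4003] LOG:  connection received: host=192.0.2.20 port=52000
2019-12-02 17:45:02.010 UTC [4003] LOG:  connection authorized: user=app database=app SSL enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, compression=off)
2019-12-02 17:45:03.000 UTC [4004] LOG:  connection received: host=192.0.2.30 port=53000
2019-12-02 17:45:03.010 UTC [4004] LOG:  connection authorized: user=report database=app
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \S+ \[(\d+)\] LOG:\s+(.*)$")
RECEIVED = re.compile(r"connection received: host=(\S+)")
AUTHORIZED = re.compile(r"connection authorized: user=(\S+) database=(\S+)")
TLS_REJECT = "could not accept SSL connection: unsupported protocol"


def find_plaintext_fallbacks(log_text, window=timedelta(seconds=5)):
    """Return (host, user, database) for each non-SSL login that follows a
    rejected TLS handshake from the same host within `window`."""
    host_by_pid = {}   # backend pid -> client host, from "connection received"
    last_reject = {}   # client host -> time of its last rejected handshake
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        pid, msg = m.group(2), m.group(3)
        if (r := RECEIVED.search(msg)):
            host_by_pid[pid] = r.group(1)
        elif msg.startswith(TLS_REJECT) and pid in host_by_pid:
            last_reject[host_by_pid[pid]] = ts
        elif (a := AUTHORIZED.search(msg)) and "SSL enabled" not in msg:
            # The retry arrives on a new backend pid, so correlate by host.
            host = host_by_pid.get(pid)
            if host in last_reject and ts - last_reject[host] <= window:
                findings.append((host, a.group(1), a.group(2)))
    return findings
```

The plain non-SSL login from 192.0.2.30 is not reported because no rejected handshake precedes it; only the 192.0.2.10 sequence matches the downgrade pattern.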