granicus.if.org Git - postgresql/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Fri, 22 May 2015 00:41:55 +0000 (20:41 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Fri, 22 May 2015 00:41:55 +0000 (20:41 -0400)
commit	b78fbfe65f755f072a9f56b5fc3a511167341490
tree	bbc36a73e07ee37d59b377b6e9f6e859f441f46b	tree \| snapshot
parent	baf379bf22a9b4fd9caa4cf95de397cac480cceb	commit \| diff

Back-patch libpq support for TLS versions beyond v1.

Since 7.3.2, libpq has been coded in such a way that the only SSL protocol
it would allow was TLS v1. That approach is looking increasingly obsolete.
In commit 820f08cabdcbb899 we fixed it to allow TLS >= v1, but did not
back-patch the change at the time, partly out of caution and partly because
the question was confused by a contemporary server-side change to reject
the now-obsolete SSL protocol v3. 9.4 has now been out long enough that
it seems safe to assume the change is OK; hence, back-patch into 9.0-9.3.

(I also chose to back-patch some relevant comments added by commit
326e1d73c476a0b5, but did *not* change the server behavior; hence, pre-9.4
servers will continue to allow SSL v3, even though no remotely modern
client will request it.)

Per gripe from Jan Bilek.

src/backend/libpq/be-secure.c		diff \| blob \| history
src/interfaces/libpq/fe-secure.c		diff \| blob \| history