From: PostgreSQL Daemon Date: Wed, 18 Dec 2002 13:20:03 +0000 (+0000) Subject: From the SSL_CTX_new man page: X-Git-Tag: REL7_3_1~6 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d2f0761b822014385e57c99368142ee1f095d5f4;p=postgresql From the SSL_CTX_new man page: "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern." This will maintain backwards compatibility for those us that don't use TLS connections ... --- diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index 113189571e..21cefc0207 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.15.2.3 2002/12/14 18:39:39 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.15.2.4 2002/12/18 13:20:00 pgsql Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -587,7 +587,7 @@ initialize_SSL(void) { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(TLSv1_method()); + SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) { postmaster_error("failed to create SSL context: %s", diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index de71699cae..2107b51d12 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.15.2.1 2002/11/07 18:47:08 tgl Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.15.2.2 2002/12/18 13:20:03 pgsql Exp $ * * NOTES * The client *requires* a valid server certificate. Since @@ -712,7 +712,7 @@ initialize_SSL(PGconn *conn) { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(TLSv1_method()); + SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) { printfPQExpBuffer(&conn->errorMessage,