On Mon, Jun 11, 2018 at 10:47:23AM -0400, Peter Eisentraut wrote: > I think we'll just have to wait for an updated RFC on channel bindings > for TLS 1.3. > > Perhaps we should change PostgreSQL 11 to not advertise channel binding > when TLS 1.3 is used?
Yeah, that's what we should do and I would vote for doing nothing as long as we are not sure how the TLS is shaped at the end, as we could as well be able to use only be-tls-end-point so -PLUS can be advertised. From a technical point of view, the decision-making can happen with Port->ssl->version by looking for TLS1_3_VERSION which is new as of OpenSSL 1.1.1 so that's very fresh (1.1.1 beta 5 is out as of today). -- Michael
signature.asc
Description: PGP signature
