On Thu, Jun 28, 2018 at 10:05:23AM +0200, Peter Eisentraut wrote: > But before we drop the SCRAM business completely off the open items, I > think we need to consider how TLS 1.3 affects this.
The set of APIs that we use to the SSL abstraction layer is very internal, so it would not be an issue if we add some in stable branches, no? My point is that from OpenSSL point of view, TLS 1.3 stuff has been added in 1.1.1 which is now in beta 6 stage, so we could consider as well all this part once OpenSSL is released. That's compatibility work I wanted to work on anyway. Impossible to say down to which versions of Postgres things could be applied easily though without a deep investigation of the new compatibility breakages that upstream OpenSSL has very-likely introduced in upstream. Still it does not sound completely strange either to me to wait for OpenSSL to release as we won't be able to have a full solution designed before that. -- Michael
signature.asc
Description: PGP signature