Greetings,

* Andres Freund (and...@anarazel.de) wrote:
> On 2018-11-29 16:34:13 -0500, Tom Lane wrote:
> > Yeah, I was disappointed too. OpenSSL has had a squirrelly enough track
> > record that it'd be nice not to be totally dependent on it.
>
> GnuTLS seems, if anything, worse though. There's obviously good reasons
> to add support for TLS libraries that make it easier to use PG on
> certain platforms, but GnuTLS doesn't achieve that. So I don't think
> this is too sad.

There are very good reasons to give our users the option of different TLS libraries, even if it's platforms where OpenSSL is also available, for the reason Tom mentioned - OpenSSL hasn't had a terribly good track record, and because there's been independent evaluation of different libraries and OpenSSL doesn't top the list in those.

As such, I do believe it'd be good to have support for multiple libraries, even on Linux or other platforms where OpenSSL is available.

Thanks!

Stephen