Martijn van Oosterhout <[email protected]> writes: > Dag-Erling Smørgrav <[email protected]> writes: > > Martijn van Oosterhout <[email protected]> writes: > > > Since you can already specify the cipher list, couldn't you just > > > add -SSLv3 to the cipher list and be done? > > I didn't want to change the existing behavior; all I wanted was to > > give users a way to do so if they wish. > I think we should just disable SSL3.0 altogether. The only way this > could cause problems is if people are using PostgreSQL with an OpenSSL > library from last century. As for client libraries, even Windows XP > supports TLS1.0.
As far as I'm concerned (i.e. as far as FreeBSD and the University of Oslo are concerned), I couldn't care less about anything older than 0.9.8, which is what FreeBSD 8 and RHEL5 have, but I don't feel comfortable making that decision for other people. On the gripping hand, no currently supported version of libpq uses anything older than TLS; 9.0 through 9.3 use TLS 1.0 only while 9.4 uses TLS 1.0 or higher. DES -- Dag-Erling Smørgrav - [email protected] -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
