On 2015-10-05 12:16:05 -0300, Alvaro Herrera wrote:
> Heikki Linnakangas wrote:
>
> > In short, pgcrypto actually used to use the EVP functions, but was changed
> > to *not* use them, because in older versions of OpenSSL, some key lengths
> > and/or padding options that pgcrypto supports were not supported by the EVP
> > API. That was fixed in OpenSSL 0.9.7, however. The consensus in 2007 was
> > that we could drop support for OpenSSL 0.9.6 and below, so that should
> > definitely be OK by now, if we haven't already done that elsewhere in the
> > code.
>
> I think we already effectively dropped support for < 0.9.7 with the
> renegotiation fixes; see
> https://www.postgresql.org/message-id/20130712203252.GH29206%40eldon.alvh.no-ip.org

9.5+ do again then :P

But more seriously: Given the upstream support policies from
https://www.openssl.org/policies/releasestrat.html :
"
Support for version 0.9.8 will cease on 2015-12-31. No further releases of 0.9.8 will be made after that date. Security fixes only will be applied to 0.9.8 until then.

Support for version 1.0.0 will cease on 2015-12-31. No further releases of 1.0.0 will be made after that date. Security fixes only will be applied to 1.0.0 until then.

We may designate a release as a Long Term Support (LTS) release. LTS releases will be supported for at least five years and we will specify one at least every four years. Non-LTS releases will be supported for at least two years.
"

and the amount of security fixes regularly required for openssl, I don't
think we'd do anybody a favor by trying to continue supporting older
versions for a long while.

Note that openssl's security releases are denoted by a letter after the
numeric version, not by the last digit. 0.9.7 was released 30 Dec 2002.

Greetings,

Andres Freund