On Tue, Jun 6, 2017 at 2:32 AM, Michael Paquier <michael.paqu...@gmail.com> wrote: >>> At the end, >>> everything has been rejected as Postgres enforces the use of the >>> newest one when doing the SSL handshake. >> >> TLS implementations, or TLS versions? What does the TLS version have >> to do with this issue? > > I really mean *version* here.
I don't think it's true that we force the latest TLS version to be used. The comment says: /* * We use SSLv23_method() because it can negotiate use of the highest * mutually supported protocol version, while alternatives like * TLSv1_2_method() permit only one specific version. Note that we don't * actually allow SSL v2 or v3, only TLS protocols (see below). */ IIUC, this is specifically so that we don't force the use of TLS 1.2 or TLS 1.1 or TLS 1.0. It could well be that there's something I don't understand here. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers