Robert Haas <robertmh...@gmail.com> writes:
> I don't think it's true that we force the latest TLS version to be
> used. The comment says:

>     /*
>      * We use SSLv23_method() because it can negotiate use of the highest
>      * mutually supported protocol version, while alternatives like
>      * TLSv1_2_method() permit only one specific version. Note that we don't
>      * actually allow SSL v2 or v3, only TLS protocols (see below).
>      */

> IIUC, this is specifically so that we don't force the use of TLS 1.2
> or TLS 1.1 or TLS 1.0.

Right. IIUC, there's no way (at least in older OpenSSL versions) to say
directly "we only want TLS >= 1.0", so we have to do it like this.
I found a comment on the web saying "SSLv23_method would be better named
AutoNegotiate_method", which seems accurate.

			regards, tom lane
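Added example, not part of the original message or of PostgreSQL's code: a check of which protocol versions a version-flexible client actually puts in its ClientHello, compared with a client pinned to TLS 1.2. It uses Python's `ssl` module (a wrapper around OpenSSL) with in-memory BIOs; the helper names and the host name are assumptions made for the illustration, and the min/max pin stands in for a fixed-version method such as `TLSv1_2_method()`.

```python
import ssl
import struct

def flexible_context():
    # PROTOCOL_TLS_CLIENT selects OpenSSL's version-flexible method (the one
    # formerly named SSLv23_method); SSLv2/SSLv3 are excluded by option bits.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def pinned_context():
    # Stand-in for a fixed-version method: allow exactly TLS 1.2.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def client_hello(ctx):
    """Start a handshake on in-memory BIOs and return the raw ClientHello record."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing,
                        server_hostname="db.example.invalid")  # constructed name
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()

def offered_versions(record):
    """Return the protocol versions a ClientHello offers, highest first."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 9                                   # record header (5) + handshake header (4)
    (legacy,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                             # client_version + random
    pos += 1 + record[pos]                    # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                    # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                    # supported_versions extension
            n = record[pos]
            return sorted(struct.unpack_from(f"!{n // 2}H", record, pos + 1),
                          reverse=True)
        pos += ext_len
    # No extension: client_version is only the ceiling on the wire; a pinned
    # client enforces its floor by rejecting a lower ServerHello.
    return [legacy]

if __name__ == "__main__":
    for name, ctx in (("flexible", flexible_context()), ("pinned", pinned_context())):
        print(name, [hex(v) for v in offered_versions(client_hello(ctx))])
```

Wire values are 0x0301 for TLS 1.0 through 0x0304 for TLS 1.3; 0x0300 (SSLv3) should never appear in the flexible client's list.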