Public bug reported:

While the PostgreSQL server supports versions higher than TLS 1.0, this
is not enabled in libpq:

src/backend/libpq/be-secure.c:738:      SSL_context = SSL_CTX_new(SSLv23_method());
src/interfaces/libpq/fe-secure.c:969:   SSL_context = SSL_CTX_new(TLSv1_method());

Please consider applying this upstream patch on Ubuntu 14.04 LTS to
improve compatibility with a TLSv1.2-only server:

http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=820f08cabdcbb8998050c3d4873e9619d6d8cba4;hp=3a5313265d53322519b5edce018ebdea14062bf9

Apart from that, you might also want to apply the following patch to disable 
SSLv3 on the server side (shouldn't hurt as libpq never supported SSLv3 before):
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=326e1d73c476a0b5061ef00134bdf57aed70d5e7;hp=3fd3e34914a2aa520a8bc5109a773621385cf1f4

Binary package version:
libpq5 9.3.5-0ubuntu0.14.04.1

Source package version:
postgresql-9.3 9.3.5-0ubuntu0.14.04.1

** Affects: postgresql-9.3 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: patch trusty

** Patch added: "postgresql.git-820f08cabdcbb8998050c3d4873e9619d6d8cba4.patch"
   https://bugs.launchpad.net/bugs/1399759/+attachment/4274678/+files/postgresql.git-820f08cabdcbb8998050c3d4873e9619d6d8cba4.patch

** Package changed: postgresql-common (Ubuntu) => postgresql-9.4 (Ubuntu)

** Package changed: postgresql-9.4 (Ubuntu) => postgresql-9.3 (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1399759

Title:
  Ability to use newer TLS versions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-9.3/+bug/1399759/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
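
The report above contrasts TLSv1_method() in libpq with SSLv23_method() in the backend. The following is an added example, not part of the bug report or of PostgreSQL: it parses a captured TLS ClientHello record to find clients that cap at TLS 1.0 and would therefore fail against a TLSv1.2-only server. It assumes the input is the first TLS record sent after PostgreSQL's SSLRequest exchange; the function names and sample records are constructed for illustration.

```python
import struct

KNOWN = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def max_offered_version(record: bytes) -> int:
    """Highest protocol version offered by a TLS ClientHello record."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or rec_len < 4 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4                                            # msg type + 3-byte length
    (version,) = struct.unpack_from("!H", body, pos)   # legacy client_version
    pos += 2 + 32                                      # version + random
    pos += 1 + body[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
    pos += 1 + body[pos]                               # compression_methods
    if pos + 2 > len(body):
        return version                                 # hello without extensions
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 0x002B:                         # supported_versions
            data = body[pos + 1:pos + ext_len]         # skip 1-byte list length
            offered = [int.from_bytes(data[i:i + 2], "big")
                       for i in range(0, len(data) - 1, 2)]
            # Ignore GREASE/unknown values; keep only real protocol versions.
            version = max([version] + [v for v in offered if v in KNOWN])
        pos += ext_len
    return version

def fails_against_tls12_only(record: bytes) -> bool:
    """True if this client cannot negotiate with a TLSv1.2-only server."""
    return max_offered_version(record) < 0x0303

def build_hello(version: int, supported=()) -> bytes:
    """Constructed sample ClientHello (one cipher suite, null compression)."""
    lst = b"".join(struct.pack("!H", v) for v in supported)
    ext = struct.pack("!HHB", 0x002B, len(lst) + 1, len(lst)) + lst if lst else b""
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!HH", 2, 0x002F) + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs
```

Here build_hello(0x0301) stands in for a client pinned to TLS 1.0, and build_hello(0x0303) for one that offers up to TLS 1.2.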
