git.postgresql.org Git - users/rhaas/postgres.git/commit

author	Peter Eisentraut <peter@eisentraut.org>
	Wed, 4 Dec 2019 20:40:17 +0000 (21:40 +0100)
committer	Peter Eisentraut <peter@eisentraut.org>
	Wed, 4 Dec 2019 21:07:43 +0000 (22:07 +0100)
commit	b1abfec825472434ea445b9700eaa80cde9da86a
tree	c73220c97d804582edc6d23e92713e5bbeb84681	tree
parent	4af77aa797d95f9f77d7b88a41b4e02bc62d8975	commit \| diff

Update minimum SSL version

Change default of ssl_min_protocol_version to TLSv1.2 (from TLSv1,
which means 1.0). Older versions are still supported, just not by
default.

TLS 1.0 is widely deprecated, and TLS 1.1 only slightly less so. All
OpenSSL versions that support TLS 1.1 also support TLS 1.2, so there
would be very little reason to, say, set the default to TLS 1.1
instead on grounds of better compatibility.

The test suite overrides this new setting, so it can still run with
older OpenSSL versions.

Discussion: https://www.postgresql.org/message-id/flat/b327f8df-da98-054d-0cc5-b76a857cfed9%402ndquadrant.com

doc/src/sgml/config.sgml		diff \| blob \| blame \| history
src/backend/utils/misc/guc.c		diff \| blob \| blame \| history
src/backend/utils/misc/postgresql.conf.sample		diff \| blob \| blame \| history
src/test/ssl/t/SSLServer.pm		diff \| blob \| blame \| history