</listitem>

</varlistentry>

<varlistentry id="libpq-connect-min-protocol-version" xreflabel="min_protocol_version">

<term><literal>min_protocol_version</literal></term>

<listitem>

<para>

Specifies the minimum protocol version to allow for the connection.

The default is to allow any version of the

<productname>PostgreSQL</productname> protocol supported by libpq,

which currently means <literal>3.0</literal>. If the server

does not support at least this protocol version the connection will be

closed.

</para>

<para>

The current supported values are

<literal>3.0</literal>, <literal>3.2</literal>,

and <literal>latest</literal>. The <literal>latest</literal> value is

equivalent to the latest protocol version supported by the libpq

version being used, which is currently <literal>3.2</literal>.

</para>

</listitem>

</varlistentry>

<varlistentry id="libpq-connect-max-protocol-version" xreflabel="max_protocol_version">

<term><literal>max_protocol_version</literal></term>

<listitem>

<para>

Specifies the protocol version to request from the server.

The default is to use version <literal>3.0</literal> of the

<productname>PostgreSQL</productname> protocol, unless the connection

string specifies a feature that relies on a higher protocol version,

in which case the latest version supported by libpq is used. If the

server does not support the protocol version requested by the client,

the connection is automatically downgraded to a lower minor protocol

version that the server supports. After the connection attempt has

completed you can use <xref linkend="libpq-PQprotocolVersion"/> to

find out which exact protocol version was negotiated.

</para>

<para>

The current supported values are

<literal>3.0</literal>, <literal>3.2</literal>,

and <literal>latest</literal>. The <literal>latest</literal> value is

equivalent to the latest protocol version supported by the libpq

version being used, which is currently <literal>3.2</literal>.

</para>

</listitem>

</varlistentry>

<varlistentry id="libpq-connect-ssl-max-protocol-version" xreflabel="ssl_max_protocol_version">

<term><literal>ssl_max_protocol_version</literal></term>

<listitem>

linkend="libpq-connect-load-balance-hosts"/> connection parameter.

</para>

</listitem>

<listitem>

<para>

<indexterm>

<primary><envar>PGMINPROTOCOLVERSION</envar></primary>

</indexterm>

<envar>PGMINPROTOCOLVERSION</envar> behaves the same as the <xref

linkend="libpq-connect-min-protocol-version"/> connection parameter.

</para>

</listitem>

<listitem>

<para>

<indexterm>

<primary><envar>PGMAXPROTOCOLVERSION</envar></primary>

</indexterm>

<envar>PGMAXPROTOCOLVERSION</envar> behaves the same as the <xref

linkend="libpq-connect-max-protocol-version"/> connection parameter.

</para>

</listitem>

</itemizedlist>

</para>

</para>

<para>

This document describes version 3.0 of the protocol, implemented in

<productname>PostgreSQL</productname> 7.4 and later. For descriptions

of the earlier protocol versions, see previous releases of the

<productname>PostgreSQL</productname> documentation. A single server

This document describes version 3.2 of the protocol, introduced in

<productname>PostgreSQL</productname> version 18. The server and the libpq

client library are backwards compatible with protocol version 3.0,

implemented in <productname>PostgreSQL</productname> 7.4 and later.

For descriptions of earlier protocol versions, see previous releases of the

<productname>PostgreSQL</productname> documentation.

</para>

<para>

A single server

can support multiple protocol versions. The initial startup-request

message tells the server which protocol version the client is attempting to

use. If the major version requested by the client is not supported by

the server, the connection will be rejected (for example, this would occur

if the client requested protocol version 4.0, which does not exist as of

this writing). If the minor version requested by the client is not

supported by the server (e.g., the client requests version 3.1, but the

supported by the server (e.g., the client requests version 3.2, but the

server supports only 3.0), the server may either reject the connection or

may respond with a NegotiateProtocolVersion message containing the highest

minor protocol version which it supports. The client may then choose either

to continue with the connection using the specified protocol version or

to abort the connection.

</para>

<para>

The protocol negotiation was introduced in

<productname>PostgreSQL</productname> version 9.3.21. Earlier versions would

reject the connection if the client requested a minor version that was not

supported by the server.

</para>

<para>

In order to serve multiple clients efficiently, the server launches

a new <quote>backend</quote> process for each client.

this message indicates the highest supported minor version. This

message will also be sent if the client requested unsupported protocol

options (i.e., beginning with <literal>_pq_.</literal>) in the

startup packet. This message will be followed by an ErrorResponse or

a message indicating the success or failure of authentication.

startup packet.

</para>

<para>

After this message, the authentication will continue using the version

indicated by the server. If the client does not support the older

version, it should immediately close the connection. If the server

does not send this message, it supports the client's requested

protocol version and all the protocol options.

</para>

</listitem>

</varlistentry>

#definePG_PROTOCOL_EARLIESTPG_PROTOCOL(3,0)

#definePG_PROTOCOL_LATESTPG_PROTOCOL(3,0)

#definePG_PROTOCOL_LATESTPG_PROTOCOL(3,2)

typedefuint32ProtocolVersion;/* FE/BE protocol version number */

"Require-Auth","",14,/* sizeof("scram-sha-256") == 14 */

offsetof(structpg_conn,require_auth)},

{"min_protocol_version","PGMINPROTOCOLVERSION",

NULL,NULL,

"Min-Protocol-Version","",6,/* sizeof("latest") = 6 */

offsetof(structpg_conn,min_protocol_version)},

{"max_protocol_version","PGMAXPROTOCOLVERSION",

NULL,NULL,

"Max-Protocol-Version","",6,/* sizeof("latest") = 6 */

offsetof(structpg_conn,max_protocol_version)},

{"ssl_min_protocol_version","PGSSLMINPROTOCOLVERSION","TLSv1.2",NULL,

"SSL-Minimum-Protocol-Version","",8,/* sizeof("TLSv1.x") == 8 */

offsetof(structpg_conn,ssl_min_protocol_version)},

staticvoiddefault_threadlock(intacquire);

staticboolsslVerifyProtocolVersion(constchar*version);

staticboolsslVerifyProtocolRange(constchar*min,constchar*max);

staticboolpqParseProtocolVersion(constchar*value,ProtocolVersion*result,PGconn*conn,constchar*context);

}

}

if (conn->min_protocol_version)

{

if (!pqParseProtocolVersion(conn->min_protocol_version,&conn->min_pversion,conn,"min_protocol_version"))

{

conn->status=CONNECTION_BAD;

return false;

}

}

{

conn->min_pversion=PG_PROTOCOL_EARLIEST;

}

if (conn->max_protocol_version)

{

if (!pqParseProtocolVersion(conn->max_protocol_version,&conn->max_pversion,conn,"max_protocol_version"))

{

conn->status=CONNECTION_BAD;

return false;

}

}

{

if (conn->min_pversion>PG_PROTOCOL(3,0))

conn->max_pversion=PG_PROTOCOL_LATEST;

conn->max_pversion=PG_PROTOCOL(3,0);

}

if (conn->min_pversion>conn->max_pversion)

{

conn->status=CONNECTION_BAD;

libpq_append_conn_error(conn,"min_protocol_version is greater than max_protocol_version");

return false;

}

conn->pversion=PG_PROTOCOL(3,0);

conn->pversion=conn->max_pversion;

conn->send_appname= true;

conn->failed_enc_methods=0;

conn->current_enc_method=0;

pqParseDone(conn,conn->inCursor);

gotokeep_going;

}

return false;

}

pqParseProtocolVersion(constchar*value,ProtocolVersion*result,PGconn*conn,

constchar*context)

{

if (strcmp(value,"latest")==0)

{

*result=PG_PROTOCOL_LATEST;

return true;

}

if (strcmp(value,"3.0")==0)

{

*result=PG_PROTOCOL(3,0);

return true;

}

if (strcmp(value,"3.2")==0)

{

*result=PG_PROTOCOL(3,2);

return true;

}

libpq_append_conn_error(conn,"invalid %s value: \"%s\"",

context,value);

return false;

}

gotofailure;

}

if (their_version==PG_PROTOCOL(3,1))

{

libpq_append_conn_error(conn,"received invalid protocol negotiation message: server requests downgrade to non-existent 3.1 protocol version");

gotofailure;

}

if (num<0)

{

libpq_append_conn_error(conn,"received invalid protocol negotiation message: server reported negative number of unsupported parameters");

gotofailure;

}

if (their_version<conn->min_pversion)

{

libpq_append_conn_error(conn,"server only supports protocol version %d.%d, but min_protocol_version was set to %d.%d",

PG_PROTOCOL_MAJOR(their_version),

PG_PROTOCOL_MINOR(their_version),

PG_PROTOCOL_MAJOR(conn->min_pversion),

PG_PROTOCOL_MINOR(conn->min_pversion));

gotofailure;

}

conn->pversion=their_version;

char*gsslib;/* What GSS library to use ("gssapi" or

char*gssdelegation;/* Try to delegate GSS credentials? (0 or 1) */

char*min_protocol_version;/* minimum used protocol version */

char*max_protocol_version;/* maximum used protocol version */

char*ssl_min_protocol_version;/* minimum TLS protocol version */

char*ssl_max_protocol_version;/* maximum TLS protocol version */

char*target_session_attrs;/* desired session properties */

void*scram_client_key_binary;/* binary SCRAM client key */

size_tscram_server_key_len;

void*scram_server_key_binary;/* binary SCRAM server key */

ProtocolVersionmin_pversion;/* protocol version to request */

ProtocolVersionmax_pversion;/* protocol version to request */

intbe_pid;/* PID of backend --- needed for cancels */