Commit 820f08c

libpq: Support TLS versions beyond TLSv1.

Per report from Jeffrey Walton, libpq has been accepting only TLSv1 exactly. Along the lines of the backend code, libpq will now support new versions as OpenSSL adds them.

Marko Kreen, reviewed by Wim Lewis.

1 parent 3a53132, commit 820f08c

‎src/interfaces/libpq/fe-secure.c

Lines changed: 8 additions & 1 deletion
@@ -966,7 +966,11 @@ init_ssl_system(PGconn *conn)
966966
SSL_load_error_strings();
967967
}
968968

969-
SSL_context=SSL_CTX_new(TLSv1_method());
969+
/*
970+
* Only SSLv23_method() negotiates higher protocol versions;
971+
* alternatives like TLSv1_2_method() permit one specific version.
972+
*/
973+
SSL_context=SSL_CTX_new(SSLv23_method());
970974
if (!SSL_context)
971975
{
972976
char*err=SSLerrmessage();
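
Review bot: The new comment above `SSL_CTX_new(SSLv23_method())` explains why the version-flexible method is chosen, but not that this method also brings SSLv2 and SSLv3 back into negotiation, which `TLSv1_method()` excluded. This line is only safe together with the `SSL_CTX_set_options()` call added further down in `init_ssl_system()`; say so in the comment (for example, "old versions are disabled below") so a later edit does not separate the two.
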
@@ -981,6 +985,9 @@ init_ssl_system(PGconn *conn)
981985
return-1;
982986
}
983987

988+
/* Disable old protocol versions */
989+
SSL_CTX_set_options(SSL_context,SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3);
990+
984991
/*
985992
* Disable OpenSSL's moving-write-buffer sanity check, because it
986993
* causes unnecessary failures in nonblocking send cases.
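
Review bot: The comment `/* Disable old protocol versions */` should name what is disabled and what floor results: with `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` the lowest version libpq will negotiate is TLSv1, the same minimum as before this commit. Since the commit message says this follows the backend code, a pointer to the backend's equivalent call would help keep the two option sets in sync.
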
