diff options
| author | PostgreSQL Daemon <webmaster@postgresql.org> | 2002-12-18 13:15:15 +0000 |
|---|---|---|
| committer | PostgreSQL Daemon <webmaster@postgresql.org> | 2002-12-18 13:15:15 +0000 |
| commit | 750a0e676e1f8f71bf1c6aba05d3264a7c57218b (patch) | |
| tree | b528b0062aa72f383ebe6ac0566e1d9683896453 | |
| parent | 46a4351dcda7abcf403d2e4d9fc00e30a6628d1e (diff) | |
| download | postgresql-750a0e676e1f8f71bf1c6aba05d3264a7c57218b.tar.gz postgresql-750a0e676e1f8f71bf1c6aba05d3264a7c57218b.zip | |
From the SSL_CTX_new man page:
"SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
A TLS/SSL connection established with these methods will understand the SSLv2,
SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
and will indicate that it also understands SSLv3 and TLSv1. A server will
understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
choice when compatibility is a concern."
This will maintain backwards compatibility for those us that don't use
TLS connections ...
| -rw-r--r-- | src/backend/libpq/be-secure.c | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c index ccb434cdd06..a501df64d54 100644 --- a/src/backend/libpq/be-secure.c +++ b/src/backend/libpq/be-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.19 2002/12/14 18:39:14 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.20 2002/12/18 13:15:12 pgsql Exp $ * * Since the server static private key ($DataDir/server.key) * will normally be stored unencrypted so that the database @@ -587,7 +587,7 @@ initialize_SSL(void) { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(TLSv1_method()); + SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) { postmaster_error("failed to create SSL context: %s", diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index b0cec2608a5..6f613aec069 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.17 2002/12/12 22:42:39 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.18 2002/12/18 13:15:15 pgsql Exp $ * * NOTES * The client *requires* a valid server certificate. Since @@ -714,7 +714,7 @@ initialize_SSL(PGconn *conn) { SSL_library_init(); SSL_load_error_strings(); - SSL_context = SSL_CTX_new(TLSv1_method()); + SSL_context = SSL_CTX_new(SSLv23_method()); if (!SSL_context) { printfPQExpBuffer(&conn->errorMessage, |