Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/protocol.sgml | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 4c0a1a00688..d5a78694b99 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -1508,10 +1508,10 @@ SELCT 1/0;<!-- this typo is intentional --> <para> The frontend should also be prepared to handle an ErrorMessage - response to SSLRequest from the server. This would only occur if - the server predates the addition of <acronym>SSL</acronym> support - to <productname>PostgreSQL</productname>. (Such servers are now very ancient, - and likely do not exist in the wild anymore.) + response to SSLRequest from the server. The frontend should not display + this error message to the user/application, since the server has not been + authenticated + (<ulink url="https://www.postgresql.org/support/security/CVE-2024-10977/">CVE-2024-10977</ulink>). In this case the connection must be closed, but the frontend might choose to open a fresh connection and proceed without requesting <acronym>SSL</acronym>. @@ -1621,12 +1621,13 @@ SELCT 1/0;<!-- this typo is intentional --> <para> The frontend should also be prepared to handle an ErrorMessage - response to GSSENCRequest from the server. This would only occur if - the server predates the addition of <acronym>GSSAPI</acronym> encryption - support to <productname>PostgreSQL</productname>. In this case the - connection must be closed, but the frontend might choose to open a fresh - connection and proceed without requesting <acronym>GSSAPI</acronym> - encryption. + response to GSSENCRequest from the server. The frontend should not display + this error message to the user/application, since the server has not been + authenticated + (<ulink url="https://www.postgresql.org/support/security/CVE-2024-10977/">CVE-2024-10977</ulink>). + In this case the connection must be closed, but the frontend might choose + to open a fresh connection and proceed without requesting + <acronym>GSSAPI</acronym> encryption. </para> <para> |
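Review bot: In the SSLRequest paragraph (hunk at -1508), the added sentence says the frontend "should not display" the error while the next sentence says the connection "must be closed". Since the stated reason is that the server has not been authenticated, consider "must not" so both requirements carry the same weight. The retained sentence that the frontend "might choose to open a fresh connection and proceed without requesting SSL" now describes a reaction to a message from that same unauthenticated peer, so it would help to state that this fallback applies only when the client's configuration permits an unencrypted connection.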
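Review bot: In the GSSENCRequest paragraph (hunk at -1621), removing "This would only occur if the server predates the addition of GSSAPI encryption support" leaves the text with no statement of when a server legitimately sends ErrorMessage at this point. Consider keeping a short clause on the legacy-server case next to the new warning. The added wording is also a verbatim copy of the SSLRequest paragraph, including "user/application"; "the user or application" reads better in both places, and pointing both paragraphs at one shared explanation of CVE-2024-10977 would keep the two copies from drifting apart.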