[trusty] Ability to use newer TLS versions
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
postgresql-9.3 (Ubuntu) | Invalid | Undecided | Unassigned |
Trusty | Triaged | Undecided | Unassigned |
Bug Description
While the PostgreSQL server supports versions higher than TLS 1.0, this is not enabled in libpq:
src/backend/
src/interfaces/
Please consider applying this upstream patch on Ubuntu 14.04 LTS to improve compatibility with a TLSv1.2-only server:
Apart from that, you might also want to apply the following patch to disable SSLv3 on the server side (shouldn't hurt as libpq never supported SSLv3 before):
http://
Binary package version:
libpq5 9.3.5-0ubuntu0.
Source package version:
postgresql-9.3 9.3.5-0ubuntu0.
Changed in postgresql-9.3 (Ubuntu):
status: New → Triaged
Changed in postgresql-9.3 (Ubuntu Trusty):
status: New → Triaged
Changed in postgresql-9.3 (Ubuntu):
status: Triaged → Invalid
Changed in postgresql-9.3 (Ubuntu Trusty):
assignee: nobody → Martin Pitt (pitti)
summary:
- Ability to use newer TLS versions
+ [trusty] Ability to use newer TLS versions
Changed in postgresql-9.3 (Ubuntu Trusty):
assignee: Martin Pitt (pitti) → nobody
Even ECDHE-RSA-AES128-SHA (TLSv1.0) did not work; it turns out that another change is needed for ECDHE suites. Please consider applying this one too; it is more CPU friendly.
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3164721462d547fa2d15e2a2f07eb086a3590fd5;hp=91484409bdd17f330d10671d388b72d4ef1451d7
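
To check what a given server actually negotiates, and whether a client pinned to TLS 1.0 can still connect to it, the following probe sends PostgreSQL's SSLRequest and then completes a TLS handshake. It is an added example, not part of the original report or of the PostgreSQL or Ubuntu code; the function names and the host `db.example.internal` are placeholders, and it assumes Python 3.7 or later.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest: Int32 length (8) followed by Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

def server_accepts_ssl(reply: bytes) -> bool:
    """Interpret the single-byte answer to SSLRequest ('S' = yes, 'N' = no)."""
    if reply == b"S":
        return True
    if reply == b"N":
        return False
    raise ValueError(f"unexpected SSLRequest reply: {reply!r}")

def negotiated_tls(host, port=5432, only=None, timeout=5.0):
    """Return (protocol, cipher) negotiated with a PostgreSQL server, or None
    if the server declines SSL. `only` pins the client to one ssl.TLSVersion,
    e.g. ssl.TLSVersion.TLSv1 to mimic a client limited to TLS 1.0."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Version probe only: the certificate is not verified, so never send
    # credentials or data over this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if only is not None:
        ctx.minimum_version = only
        ctx.maximum_version = only
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(SSL_REQUEST)
        if not server_accepts_ssl(raw.recv(1)):
            return None
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    # Placeholder host; compare an unpinned client with pinned TLS 1.0 / 1.2.
    for pin in (None, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_2):
        try:
            print(pin, negotiated_tls("db.example.internal", only=pin))
        except (ssl.SSLError, OSError) as exc:
            print(pin, "handshake failed:", exc)
```

A handshake failure for the TLS 1.0 pin combined with success for the unpinned run indicates a server that no longer accepts TLS 1.0; recent OpenSSL builds may also refuse TLS 1.0 on the client side by default.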