On Mon, Dec 2, 2019 at 11:39 AM Tom Lane <t...@sss.pgh.pa.us> wrote: > That's an excellent point, but it looks like we're pretty good > already. I tried the patch with openssl 0.9.8x, and got this > failure at server start: > > FATAL: ssl_min_protocol_version setting TLSv1.2 not supported by this build
Oh, that's pretty good. > Maybe it'd be worth extending that to show the max supported > version, with some rats-nest of #ifdefs, but I'm not sure if > it's worth the trouble. Especially if we mess up the #ifdefs. :-) I don't have super-strong feelings that we have to try to do that. It would be worth doing if it were easy, I think, but if our hypothesis that this will affect relatively few people is correct, it may not matter very much. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company