From: "Heikki Linnakangas" <>
Thoughts? While we're at it, we'll probably want to refactor things so that it's easy to support other SSL implementations too, like gnutls.

That may be good because it provides users with choices. But I wonder if it is worth the complexity and maintainability of PostgreSQL code.

* Are SChannel and other libraries more secure than OpenSSL? IIRC, recently I read in the news that GnuTLS had a vulnerability. OpenSSL is probably the most widely used library, and many people are getting more interested in its quality. I expect the quality will improve thanks to the help from The Linux foundation and other organizations/researchers.

* Do other libraries get support from commercial vendor product support? For example, Safenet Inc., the famous HSM (hardware security module) vendor, supports OpenSSL to access the private key stored in its HSM product. Intel offered AES-NI implementation code to OpenSSL community. I guess OpenSSL will continue to be the most functional and obtain the widest adoption and support.


Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to