Alvaro Herrera <alvhe...@2ndquadrant.com> writes: > OpenSSL just announced a week or two ago that they're abandoning support > for 0.9.8 by the end of next year[1], which means its replacements have > been around for a really long time.
RHEL5 still has 0.9.8e with backported patches and will be supported until 2017-03-31. FreeBSD 8.4, 9.1, 9.2 and 9.3 all have 0.9.8y with backported patches. 8.4, 9.1 and 9.2 all expire before OpenSSL 0.9.8, but 9.3 will be supported until 2016-12-31. 0.9.8 and 1.0.1 are not binary compatible, so upgrading is *not* an option. We (as in FreeBSD) will have to make do - either develop our own patches or adapt RedHat's. > OpenSSL 0.9.7 has already not gotten fixes for all the latest flurry of > security issues, so anyone *is* using SSL but not at least the 0.9.8 > branch, they are in trouble. The latest 0.9.8 still only has TLS 1.0, unless they're planning to backport 1.1 and 1.2 (which I seriously doubt). DES -- Dag-Erling Smørgrav - d...@des.no -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
