[pgpool-hackers: 58] extend ssl support from tlsv1 to sslv2/sslv3/tlsv3

redeamer at gmx.net redeamer at gmx.net
Thu Apr 5 14:44:09 JST 2012


Hi,
I would propose extending the supported SSL connection types, because some drivers (e.g. JDBC) by default use the client hello message for the handshake.


--- a/pool_ssl.c
+++ b/pool_ssl.c
@@ -186,7 +186,7 @@ static int init_ssl_ctx(POOL_CONNECTION *cp, enum ssl_conn_type conntype) {
        char *cacert = NULL, *cacert_dir = NULL;
 
        /* initialize SSL members */
-       cp->ssl_ctx = SSL_CTX_new(TLSv1_method());
+       cp->ssl_ctx = SSL_CTX_new(SSLv23_method());
        SSL_RETURN_ERROR_IF( (! cp->ssl_ctx), "SSL_CTX_new" );
 
        if ( conntype == ssl_conn_serverclient) {
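
Review bot: On the changed `SSL_CTX_new(SSLv23_method())` line, the context now accepts every protocol version the linked OpenSSL supports, including SSLv2, and nothing visible in this hunk restricts that. SSLv23_method() is the right choice for accepting the SSLv2-compatible ClientHello some drivers send while still negotiating the highest version both sides support, but it should be paired with an options call right after the `SSL_RETURN_ERROR_IF` check, for example `SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_NO_SSLv2);`, adding `SSL_OP_NO_SSLv3` as well if no supported client needs SSLv3. Since init_ssl_ctx() takes a `conntype` and the same line serves both connection directions, the commit message should also say that the change affects the backend-facing side, not only the client-facing one.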

Or is there a reason to use only TLSv1 method?

Regards,
michael