[pgpool-hackers: 58] extend ssl support from tlsv1 to sslv2/sslv3/tlsv3
redeamer at gmx.net
Thu Apr 5 14:44:09 JST 2012
Hi,
I would propose extending the supported SSL connection types, because some drivers (e.g. JDBC) by default use the client hello message for the handshake.
--- a/pool_ssl.c
+++ b/pool_ssl.c
@@ -186,7 +186,7 @@ static int init_ssl_ctx(POOL_CONNECTION *cp, enum ssl_conn_type conntype) {
char *cacert = NULL, *cacert_dir = NULL;
/* initialize SSL members */
- cp->ssl_ctx = SSL_CTX_new(TLSv1_method());
+ cp->ssl_ctx = SSL_CTX_new(SSLv23_method());
SSL_RETURN_ERROR_IF( (! cp->ssl_ctx), "SSL_CTX_new" );
if ( conntype == ssl_conn_serverclient) {
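Review bot: the new SSL_CTX_new(SSLv23_method()) call is not followed by any protocol restriction, so the context will accept every version the linked OpenSSL build offers, including SSLv2 and SSLv3, not just the compatibility hello the JDBC case needs. SSLv23_method() is the version-flexible method, and the usual pairing is a call such as SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_NO_SSLv2) placed right after the SSL_RETURN_ERROR_IF check, which keeps the flexible handshake while refusing the legacy protocol. The method is also chosen before the conntype == ssl_conn_serverclient branch, so the change affects both connection types handled by init_ssl_ctx, not only the frontend side where the driver connects; a short comment saying whether that is intended would help.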
Or is there a reason to use only TLSv1 method?
Regards,
michael