desktop-packages team mailing list archive

[Bug 1399759] [NEW] Ability to use newer TLS versions

 

Public bug reported:

While the PostgreSQL server supports versions higher than TLS 1.0, this
is not enabled in libpq:

src/backend/libpq/be-secure.c:738:              SSL_context = SSL_CTX_new(SSLv23_method());
src/interfaces/libpq/fe-secure.c:969:           SSL_context = SSL_CTX_new(TLSv1_method());

Please consider applying this upstream patch on Ubuntu 14.04 LTS to
improve compatibility with a TLSv1.2-only server:

http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=820f08cabdcbb8998050c3d4873e9619d6d8cba4;hp=3a5313265d53322519b5edce018ebdea14062bf9

Apart from that, you might also want to apply the following patch to disable SSLv3 on the server side (shouldn't hurt as libpq never supported SSLv3 before):
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=326e1d73c476a0b5061ef00134bdf57aed70d5e7;hp=3fd3e34914a2aa520a8bc5109a773621385cf1f4

Binary package version:
libpq5 9.3.5-0ubuntu0.14.04.1

Source package version:
postgresql-9.3 9.3.5-0ubuntu0.14.04.1

** Affects: postgresql-9.3 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: patch trusty

** Patch added: "postgresql.git-820f08cabdcbb8998050c3d4873e9619d6d8cba4.patch"
   https://bugs.launchpad.net/bugs/1399759/+attachment/4274678/+files/postgresql.git-820f08cabdcbb8998050c3d4873e9619d6d8cba4.patch

** Package changed: postgresql-common (Ubuntu) => postgresql-9.4 (Ubuntu)

** Package changed: postgresql-9.4 (Ubuntu) => postgresql-9.3 (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-common in Ubuntu.
https://bugs.launchpad.net/bugs/1399759

Title:
  Ability to use newer TLS versions

Status in postgresql-9.3 package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-9.3/+bug/1399759/+subscriptions
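
An added example, not part of the bug report or of PostgreSQL: a small Python audit that classifies `grep -n` hits for OpenSSL method constructors as pinned to one protocol version or as negotiating, run over the two source lines quoted in the report. The names `audit`, `PINNED`, `NEGOTIATING` and the verdict strings are assumptions made for illustration.

```python
import re

# OpenSSL constructors that pin a context to exactly one protocol version.
PINNED = {"SSLv2": "SSL 2.0", "SSLv3": "SSL 3.0", "TLSv1": "TLS 1.0",
          "TLSv1_1": "TLS 1.1", "TLSv1_2": "TLS 1.2"}
# Constructors that negotiate the highest version both peers support.
NEGOTIATING = {"SSLv23", "TLS"}

# Matches e.g. TLSv1_method(, SSLv23_client_method(, TLSv1_2_server_method(
CALL = re.compile(r"\b(SSLv23|SSLv2|SSLv3|TLSv1_1|TLSv1_2|TLSv1|TLS)"
                  r"(?:_client|_server)?_method\s*\(")

# The two hits quoted in the bug report, in `path:line:code` form.
SAMPLE = [
    "src/backend/libpq/be-secure.c:738:              "
    "SSL_context = SSL_CTX_new(SSLv23_method());",
    "src/interfaces/libpq/fe-secure.c:969:           "
    "SSL_context = SSL_CTX_new(TLSv1_method());",
]


def audit(grep_lines):
    """Return (path, line, call, verdict) for each method constructor found."""
    findings = []
    for raw in grep_lines:
        parts = raw.split(":", 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # not a grep -n style hit
        path, lineno, code = parts
        for m in CALL.finditer(code):
            name = m.group(1)
            if name in PINNED:
                verdict = f"pinned to {PINNED[name]} only"
            else:
                # Version range is then limited only by SSL_OP_NO_* options.
                verdict = "negotiates highest shared version"
            call = m.group(0).rstrip("( \t")
            findings.append((path, int(lineno), call, verdict))
    return findings


if __name__ == "__main__":
    for path, lineno, call, verdict in audit(SAMPLE):
        print(f"{path}:{lineno}: {call} -> {verdict}")
```

For a negotiating context, the remaining check is which `SSL_OP_NO_*` options are set on it, which is what the second patch linked in the report addresses for SSLv3 on the server side.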

