From the SSL_CTX_new man page:

"SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern." This will maintain backwards compatibility for those us that don't use TLS connections ...
2025-08-27 07:42:10 +03:00 · 2002-12-18 13:15:15 +00:00
parent 46a4351dcd
commit 750a0e676e
2 changed files with 4 additions and 4 deletions
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.17 2002/12/12 22:42:39 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.18 2002/12/18 13:15:15 pgsql Exp $
 *
 * NOTES
 *	  The client *requires* a valid server certificate.  Since
@@ -714,7 +714,7 @@ initialize_SSL(PGconn *conn)
 	{
 		SSL_library_init();
 		SSL_load_error_strings();
-		SSL_context = SSL_CTX_new(TLSv1_method());
+		SSL_context = SSL_CTX_new(SSLv23_method());
 		if (!SSL_context)
 		{
 			printfPQExpBuffer(&conn->errorMessage,