authorRobert Haas2014-02-01 03:25:01 +0000
committerRobert Haas2014-02-01 03:25:01 +0000
commitc7de3295ba9db6649c32568bb46b91f1160da8d3 (patch)
tree52bda214aaf8fa4bcc80eb8593c06807f2dc776d /src/interfaces/libpq/fe-secure.c
parente01fc2377bfdb6a519aea7007a57c901c8a95da6 (diff)
parentd1981719adbcc05fa15f540e8fc4327907991fc6 (diff)
Merge branch 'master' into slot2slot2
Diffstat (limited to 'src/interfaces/libpq/fe-secure.c')
-rw-r--r--src/interfaces/libpq/fe-secure.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 7e7a4f9ff1..d8ac40c784 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -967,8 +967,10 @@ init_ssl_system(PGconn *conn)
}
/*
- * Only SSLv23_method() negotiates higher protocol versions;
- * alternatives like TLSv1_2_method() permit one specific version.
+ * We use SSLv23_method() because it can negotiate use of the highest
+ * mutually supported protocol version, while alternatives like
+ * TLSv1_2_method() permit only one specific version. Note that we
+ * don't actually allow SSL v2 or v3, only TLS protocols (see below).
*/
SSL_context = SSL_CTX_new(SSLv23_method());
if (!SSL_context)
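Review bot: The new comment's claim that SSL v2 and v3 are not allowed rests on code "below" that this hunk does not show, so it cannot be checked from here and would go stale unnoticed if that later call were moved or edited. Because `SSLv23_method()` on its own can still negotiate the legacy protocols, I would name the mechanism in the comment, e.g. `* don't actually allow SSL v2 or v3; they are disabled via SSL_CTX_set_options() below.`, presumably with `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` (confirm against the full function). It would also help to state the resulting floor, since "only TLS protocols" still appears to permit TLS 1.0 and could be misread as a modern-version minimum. The body of init_ssl_system starts before and continues past this hunk.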