Hey there,
In 2.0.0, the TLS package introduced a number of breaking changes. This one in particular caused some trouble:
Security: BREAKING CHANGE: TLS 1.2 servers require EMS(extended main secret) by default. supportedExtendedMasterSec is renamed to supportedExtendedMainSecret.
After upgrading TLS, our services failed to connect to Postgres (on RDS) with the following messages:
HandshakeFailed (Error_Protocol "peer does not support Extended Main Secret" HandshakeFailure)
This patch reverts to the previous behavior (AllowEMS instead of RequireEMS) and introduces an optional pgDBTLSParams field allowing users to control TLS settings.
dylex
commented
4 months ago
Hey there, In
2.0.0, the TLS package introduced a number of breaking changes. This one in particular caused some trouble:After upgrading TLS, our services failed to connect to Postgres (on RDS) with the following messages:
This patch reverts to the previous behavior (
AllowEMSinstead ofRequireEMS) and introduces an optionalpgDBTLSParamsfield allowing users to control TLS settings.