Hey there,
In 2.0.0, the TLS package introduced a number of breaking changes. This one in particular caused some trouble:
Security: BREAKING CHANGE: TLS 1.2 servers require EMS(extended main secret) by default. supportedExtendedMasterSec is renamed to supportedExtendedMainSecret.
After upgrading TLS, our services failed to connect to Postgres (on RDS) with the following messages:
HandshakeFailed (Error_Protocol "peer does not support Extended Main Secret" HandshakeFailure)
This patch reverts to the previous behavior (AllowEMS instead of RequireEMS) and introduces an optional pgDBTLSParams field allowing users to control TLS settings.
Hey there, In
2.0.0
, the TLS package introduced a number of breaking changes. This one in particular caused some trouble:After upgrading TLS, our services failed to connect to Postgres (on RDS) with the following messages:
This patch reverts to the previous behavior (
AllowEMS
instead ofRequireEMS
) and introduces an optionalpgDBTLSParams
field allowing users to control TLS settings.