leafo / pgmoon

A pure Lua Postgres driver for use in OpenResty & more
MIT License

feat(socket) change LuaSec ssl_protocol default options #103

Closed jeremymv2 closed 3 years ago

jeremymv2 commented 3 years ago

The underlying LuaSec SSL library allows for setting the encryption protocol to 'any' [1]. When set as such, the client negotiates the highest encryption protocol available. This 'any' protocol version setting is widely in use in the luasec repository [2].

In addition, this change limits the lowest allowable ssl protocol version to a version not less than TLSv1.1.

In support of the above, the implementation is two-fold:

[1] - https://github.com/brunoos/luasec/blob/711a98b7605ad87b521ba607024947113bc1f527/CHANGELOG#L101
[2] - https://github.com/brunoos/luasec/search?q=protocol+%3D+%22any%22
[3] - https://github.com/thibaultcha/lua-cassandra/commit/b6dff880ce98e2b48da93a05bfaaa36109583453
[4] - https://github.com/thibaultcha/lua-cassandra/commit/d742d5ca844a23da487b8f33e67559ff369e62a9

Signed-off-by: Jeremy J. Miller jeremy.miller@konghq.com
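The following is an added example illustrating the two settings the PR description talks about (LuaSec's `protocol = "any"` plus an options list that removes the protocol versions below TLSv1.1). It is not pgmoon's code and not the patch under review; it uses LuaSec and LuaSocket directly rather than pgmoon's socket wrapper, and the host, port and CA file values are placeholders. The Postgres `SSLRequest` exchange it performs before the TLS handshake is the standard one from the Postgres wire protocol.

```lua
-- Added example (not pgmoon's own code): a LuaSec client context that lets
-- OpenSSL negotiate the newest mutually supported TLS version while refusing
-- anything older than TLSv1.1, followed by the Postgres SSLRequest dance.
local ssl    = require("ssl")      -- LuaSec
local socket = require("socket")   -- LuaSocket

-- Before: pinning one protocol version means a server that only speaks a
-- newer version cannot be reached, and an old version stays reachable.
local pinned_params = {
  mode     = "client",
  protocol = "tlsv1",
}

-- After: "any" lets OpenSSL pick the highest version both sides support;
-- the options list then disables the versions that are never acceptable,
-- so the effective floor is TLSv1.1.
local function tls_params(cafile)
  return {
    mode     = "client",
    protocol = "any",
    options  = { "all", "no_sslv2", "no_sslv3", "no_tlsv1" },
    verify   = cafile and "peer" or "none",   -- verify the server when a CA file is given
    cafile   = cafile,
  }
end

-- Postgres expects an 8-byte SSLRequest (length 8, code 80877103 = 0x04D2162F)
-- and answers with a single byte: "S" to start TLS, "N" to refuse it.
local SSL_REQUEST = string.char(0, 0, 0, 8, 4, 210, 22, 47)

local function tls_connect(host, port, cafile)
  local sock = assert(socket.tcp())
  assert(sock:connect(host, port))
  assert(sock:send(SSL_REQUEST))
  local answer = assert(sock:receive(1))
  if answer ~= "S" then
    sock:close()
    return nil, "server refused TLS (answered " .. answer .. ")"
  end

  local tls = assert(ssl.wrap(sock, tls_params(cafile)))
  local ok, err = tls:dohandshake()
  if not ok then
    -- A server that offers only TLSv1 or SSLv3 fails here; with every
    -- shared version disabled, OpenSSL reports "no protocols available",
    -- the same message reported later in this thread.
    return nil, err
  end
  return tls
end

-- Placeholder values; replace with a real server and CA bundle.
local conn, err = tls_connect("127.0.0.1", 5432, "/path/to/ca.pem")
if conn then
  print("negotiated TLS; pgmoon would now send the StartupMessage over conn")
  conn:close()
else
  print("TLS setup failed: " .. tostring(err))
end
```

The `options` list is where the minimum version is enforced: `"all"` applies OpenSSL's default workaround set, and each `no_*` entry removes one protocol version from negotiation. Dropping `"no_tlsv1"` from the list would re-enable TLSv1.0 while keeping `protocol = "any"`, which is why the floor and the "negotiate the highest" behaviour are two separate settings.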

jeremymv2 commented 3 years ago

cc: @thibaultcha

leafo commented 3 years ago

Looks good to me, thanks for getting the tests working. Tell me if you're good for the merge.

jeremymv2 commented 3 years ago

@leafo

Looks good to me, thanks for getting the tests working. Tell me if you're good for the merge.

I wanted to do some triple checking with a product I'm working on (Kong) and this change. Everything checks out. With this change I can connect to PG9.5 and PG13 instances using TLSV1.1, TLSV1.2 and TLSV1.3 (in PG13).

When trying to connect with TLSv1 or lower you will get: Error: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: no protocols available

I think this is ready for a merge. Thank you!

leafo commented 3 years ago

Thanks for the patch, I'll push out a new versioned number shortly