Postgres has configuration flags that let you set the minimum and the maximum TLS versions. I am thinking about implementing this with logic like this:
```
min_version = conn->ssl_min_version or 'TLS 1.2'
max_version = conn->ssl_max_version or None
versions = []
for version in rustls_tls_versions:
    if version >= min_version and (max_version is None or version <= max_version):
        versions.push(version)
rustls_client_config_builder_set_versions(versions)
```
The question is how to implement `rustls_tls_versions`... I can define all of the constants myself, in an array, but then if rustls adds TLS1.4, or TLS2, my array is going to be out of date, and people can't select a higher version, even if rustls can negotiate it.
It might be better if rustls-ffi declares an array containing all of the TLS versions. I can use that in my code to ensure that I'm not accidentally bounding the maximum TLS version that can be negotiated.
Alternatively, rustls-ffi could have a function that accepts a minimum and a maximum and returns me a `uint16_t*`.
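The min/max filter sketched in the issue, written out in C as an added example (not code from the issue author or from rustls-ffi). It assumes the caller passes in the library's list of supported versions as TLS `ProtocolVersion` code points and that newer versions have numerically larger code points; `select_tls_versions` and the `0x0305` sample entry are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_V1_2 0x0303 /* TLS 1.2 ProtocolVersion code point */
#define TLS_V1_3 0x0304 /* TLS 1.3 ProtocolVersion code point */

/*
 * Copy into out[] every entry of supported[] that lies within [min, max].
 * min == 0 selects the TLS 1.2 default used in the issue's pseudocode.
 * max == 0 means "no upper bound", so a version newer than this code
 * knows about is kept whenever the supplied list contains it.
 * Returns the number of versions written, or -1 when the bounds are
 * inverted, out[] is too small, or no version is left. The caller should
 * treat -1 as a hard configuration error and not fall back to defaults.
 */
int select_tls_versions(const uint16_t *supported, size_t supported_len,
                        uint16_t min, uint16_t max,
                        uint16_t *out, size_t out_cap)
{
    size_t n = 0;

    if (min == 0)
        min = TLS_V1_2;
    if (max != 0 && max < min)
        return -1;
    for (size_t i = 0; i < supported_len; i++) {
        uint16_t v = supported[i];
        if (v < min || (max != 0 && v > max))
            continue;
        if (n == out_cap)
            return -1;
        out[n++] = v;
    }
    return n > 0 ? (int)n : -1;
}

int main(void)
{
    /* Constructed sample list; 0x0305 stands in for a future version. */
    const uint16_t lib_versions[] = { TLS_V1_2, TLS_V1_3, 0x0305 };
    uint16_t chosen[8];
    int n = select_tls_versions(lib_versions, 3, TLS_V1_3, 0, chosen, 8);

    for (int i = 0; i < n; i++)
        printf("enabled: 0x%04x\n", (unsigned)chosen[i]);
    return n > 0 ? 0 : 1;
}
```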