Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wLFWr-001eV9-1S
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 08 May 2026 07:21:45 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wLFWq-008Vz0-0f
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 08 May 2026 07:21:44 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <daniel@yesql.se>)
	id 1wLFWp-008Vxn-2y
	for pgsql-hackers@lists.postgresql.org;
	Fri, 08 May 2026 07:21:43 +0000
Received: from smtp.outgoing.loopia.se ([93.188.3.37])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <daniel@yesql.se>)
	id 1wLFWm-00000000ljG-1kfm
	for pgsql-hackers@lists.postgresql.org;
	Fri, 08 May 2026 07:21:42 +0000
Received: from s807.loopia.se (localhost [127.0.0.1])
	by s807.loopia.se (Postfix) with ESMTP id 48A455C579C
	for <pgsql-hackers@lists.postgresql.org>;
 Fri, 08 May 2026 09:21:38 +0200 (CEST)
Received: from s981.loopia.se (unknown [172.22.191.6])
	by s807.loopia.se (Postfix) with ESMTP id 39A645C64C5;
	Fri, 08 May 2026 09:21:38 +0200 (CEST)
Received: from localhost (unknown [172.22.191.5])
	by s981.loopia.se (Postfix) with ESMTP id 33A8C22B165C;
	Fri, 08 May 2026 09:21:38 +0200 (CEST)
X-Virus-Scanned: amavis at amavis.loopia.se
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2
 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
 DKIM_VALID_EF=-0.1] autolearn=disabled
Authentication-Results: s471.loopia.se (amavis); dkim=pass (2048-bit key)
 header.d=yesql.se
Received: from s980.loopia.se ([172.22.191.6])
 by localhost (s471.loopia.se [172.22.190.35]) (amavis, port 10024) with LMTP
 id B5Wf-pro3Add; Fri,  8 May 2026 09:21:37 +0200 (CEST)
X-Loopia-Auth: user
X-Loopia-User: daniel@yesql.se
X-Loopia-Originating-IP: 89.255.232.236
Received: from smtpclient.apple (customer-89-255-232-236.stosn.net
 [89.255.232.236])
	(Authenticated sender: daniel@yesql.se)
	by s980.loopia.se (Postfix) with ESMTPSA id B0C7F2201651;
	Fri, 08 May 2026 09:21:37 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se;
	s=loopiadkim1707475645; t=1778224897;
	bh=257okDNyWcAG1KFQRt4pzHnosHWuOSA+a6kOvSRFn5M=;
	h=Subject:From:In-Reply-To:Date:Cc:References:To;
	b=i1aM3VQUBIedZbPLbdI/BFSI0IQ5b8gkhhnQbHavejEPhhGKF5ZepDod4yhgXr+Yp
	 yRYycEhRvyHZMb5bOq4zVT0fde+BnjkFkiAvEOCuEpxE2XaQLwBoH13RfflOBolEgL
	 0t9lCJ9c2AWd226tDgsE8lEcfyb57ilu0fJBBFXwzqwXLCTjGjNPO9klC6IpHCCYBR
	 ZbkX4QdZYdbiSlI4LmSfgZ+oE30QqoVx00XQ+QpYlKfjwTX55tdFWEa/keaBpSS66v
	 6H4TWE8TX0WM5+r/C9xpQMPPmNOGb1wWf+VLMKd5DZsVst1zqiTmOkAsaGFKtXdGhY
	 XAHXlPygjxFPA==
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.2\))
Subject: Re: PostgreSQL and OpenSSL 4.0.0
From: Daniel Gustafsson <daniel@yesql.se>
In-Reply-To: <af2ODKxUkLzFIiuX@paquier.xyz>
Date: Fri, 8 May 2026 09:21:25 +0200
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
 PostgreSQL-development <pgsql-hackers@lists.postgresql.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <95045A62-9A81-4AD8-BA25-D8648BD68499@yesql.se>
References: <066B07BB-85FA-487C-BE8C-40F791CFC3C4@yesql.se>
 <aeKrQfeyDLVE3cmw@paquier.xyz>
 <65C5DC15-DE27-4D36-8AEE-A854C23B3834@yesql.se>
 <af0OcVKUaAMW1RaR@paquier.xyz> <898414.1778192534@sss.pgh.pa.us>
 <1A5104C0-E9EF-4D90-9627-23D3D909104B@yesql.se>
 <af2ODKxUkLzFIiuX@paquier.xyz>
To: Michael Paquier <michael@paquier.xyz>
X-Mailer: Apple Mail (2.3776.700.51.11.2)
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/95045A62-9A81-4AD8-BA25-D8648BD68499%40yesql.se>
Precedence: bulk

> On 8 May 2026, at 09:17, Michael Paquier <michael@paquier.xyz> wrote:
>=20
> On Fri, May 08, 2026 at 09:07:41AM +0200, Daniel Gustafsson wrote:
>> Not sure I follow, anyone still building with a X years out of =
support OpenSSL
>> will most likely keep doing so regardless of what CVE's are =
published.  It
>> could of course make backpatching trickier if thats what you mean?
>=20
> Argh.  I've misread you here, reading a "lowest" rather than
> "highest".   Documenting that 3.6 is the highest version support on=20
> 14-stable would also work here.  My apologies for the confusion.

Ah, now it makes more sense =3D)

> If the patches for REL_14_STABLE to add support for 4.0 prove to be
> low-risk while messing with 1.0.1, that would the best course of
> action, of course.

I think the changes are straightforward enough that we can go ahead with =
them.
I'll re-test and re-post a new patchset for all branches once the minors =
ship.

--
Daniel Gustafsson