diff options
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 6 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index dfc292872a9..ea1909c08dc 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1745,9 +1745,9 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname <literal>TLSv1.1</literal>, <literal>TLSv1.2</literal> and <literal>TLSv1.3</literal>. The supported protocols depend on the version of <productname>OpenSSL</productname> used, older versions - not supporting the most modern protocol versions. If not set, this - parameter is ignored and the connection will use the minimum bound - defined by the backend. + not supporting the most modern protocol versions. If not specified, + the default is <literal>TLSv1.2</literal>, which satisfies industry + best practices as of this writing. </para> </listitem> </varlistentry> diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index ae4a32e45b2..fcd2457116b 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -320,7 +320,7 @@ static const internalPQconninfoOption PQconninfoOptions[] = { "Require-Peer", "", 10, offsetof(struct pg_conn, requirepeer)}, - {"ssl_min_protocol_version", "PGSSLMINPROTOCOLVERSION", NULL, NULL, + {"ssl_min_protocol_version", "PGSSLMINPROTOCOLVERSION", "TLSv1.2", NULL, "SSL-Minimum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */ offsetof(struct pg_conn, ssl_min_protocol_version)}, |