From f96d45a2589c8412b12233a5a4a6c820f5b2b35a Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Thu, 5 Dec 2019 17:26:05 +0900
Subject: [PATCH 3/3] Remove code older than OpenSSL 0.9.8 and 1.0.0

---
 doc/src/sgml/installation.sgml           | 2 +-
 src/backend/libpq/be-secure-openssl.c    | 2 --
 src/interfaces/libpq/fe-secure-openssl.c | 5 +----
 src/test/ssl/t/SSLServer.pm              | 4 ----
 4 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index 9c10a897f1..d4904bf5a0 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -254,7 +254,7 @@ su - postgres
       encrypted client connections.  <productname>OpenSSL</productname> is
       also required for random number generation on platforms that do not
       have <filename>/dev/urandom</filename> (except Windows).  The minimum
-      version required is 0.9.8.
+      version required is 1.0.1.
      </para>
     </listitem>
 
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 629919cc6e..c065b1cd8b 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -223,9 +223,7 @@ be_tls_init(bool isServerStart)
 	}
 
 	/* disallow SSL session tickets */
-#ifdef SSL_OP_NO_TICKET			/* added in OpenSSL 0.9.8f */
 	SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
-#endif
 
 	/* disallow SSL session caching, too */
 	SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index c71da75cfd..14d781d5ca 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1192,15 +1192,12 @@ initialize_SSL(PGconn *conn)
 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb);
 
 	/*
-	 * Set compression option if the OpenSSL version used supports it (from
-	 * 1.0.0 on).
+	 * Set compression option if necessary.
 	 */
-#ifdef SSL_OP_NO_COMPRESSION
 	if (conn->sslcompression && conn->sslcompression[0] == '0')
 		SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
 	else
 		SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
-#endif
 
 	return 0;
 }
diff --git a/src/test/ssl/t/SSLServer.pm b/src/test/ssl/t/SSLServer.pm
index 26b5964f4f..005955a2ff 100644
--- a/src/test/ssl/t/SSLServer.pm
+++ b/src/test/ssl/t/SSLServer.pm
@@ -132,10 +132,6 @@ sub configure_test_server_for_ssl
 	print $conf "listen_addresses='$serverhost'\n";
 	print $conf "log_statement=all\n";
 
-	# Accept even old TLS versions so that builds with older OpenSSL
-	# can run the test suite.
-	print $conf "ssl_min_protocol_version='TLSv1'\n";
-
 	# enable SSL and set up server key
 	print $conf "include 'sslconfig.conf'\n";
 
-- 
2.24.0