| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Christoph Berg <myon(at)debian(dot)org>, Nicolas Guini <nicolasguini(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Damian Quiroga <qdamian(at)gmail(dot)com> |
| Subject: | Re: PostgreSQL - Weak DH group |
| Date: | 2017-07-13 18:30:25 |
| Message-ID: | 10598.1499970625@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas <hlinnaka(at)iki(dot)fi> writes:
> I don't think this can be backpatched. It changes the default DH
> parameters from 1024 bits to 2048 bits. That's a good thing for
> security, but older clients might not support it, and would refuse to
> connect or would fall back to something less secure.
Do we have any hard information about which versions of which clients
might not support that? (In particular I'm wondering if any still exist
in the wild.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-07-13 19:13:33 | Re: PostgreSQL - Weak DH group |
| Previous Message | Tom Lane | 2017-07-13 18:27:39 | CAST vs :: |