Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Marko Kreen <markokr(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
Date: 2013-11-07 00:57:32
Message-ID: 20131107005732.GR5809@eldon.alvh.no-ip.org
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Marko Kreen escribió:

> By default OpenSSL (and SSL/TLS in general) lets client cipher
> order take priority. This is OK for browsers where the ciphers
> were tuned, but few Postgres client libraries make cipher order
> configurable. So it makes sense to make cipher order in
> postgresql.conf take priority over client defaults.
>
> This patch adds setting 'ssl_prefer_server_ciphers' which can be
> turned on so that server cipher order is preferred.

Wouldn't it make more sense to have this enabled by default?

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Marko Kreen 2013-11-07 01:07:45 Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
Previous Message Steve Crawford 2013-11-07 00:14:01 Documentation patch for date/time formatting functions