From: | Marko Kreen <markokr(at)gmail(dot)com> |
---|---|
To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order |
Date: | 2013-11-07 01:07:45 |
Message-ID: | 20131107010745.GA9968@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Nov 06, 2013 at 09:57:32PM -0300, Alvaro Herrera wrote:
> Marko Kreen escribió:
>
> > By default OpenSSL (and SSL/TLS in general) lets client cipher
> > order take priority. This is OK for browsers where the ciphers
> > were tuned, but few Postgres client libraries make cipher order
> > configurable. So it makes sense to make cipher order in
> > postgresql.conf take priority over client defaults.
> >
> > This patch adds setting 'ssl_prefer_server_ciphers' which can be
> > turned on so that server cipher order is preferred.
>
> Wouldn't it make more sense to have this enabled by default?
Well, yes. :)
I would even drop the GUC setting, but hypothetically there could
be some sort of backwards compatiblity concerns, so I added it
to patch and kept old default. But if noone has strong need for it,
the setting can be removed.
--
marko
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2013-11-07 02:46:24 | Re: Documentation patch for date/time formatting functions |
Previous Message | Alvaro Herrera | 2013-11-07 00:57:32 | Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order |