Quick Links

Re: Review:Patch: SSL: prefer server cipher order

From:	Marko Kreen <markokr(at)gmail(dot)com>
To:	Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
Cc:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Review:Patch: SSL: prefer server cipher order
Date:	2013-11-16 20:37:52
Message-ID:	20131116203752.GA21011@gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Thanks for testing!

On Sat, Nov 16, 2013 at 12:17:40PM -0800, Adrian Klaver wrote:
> On 11/16/2013 06:24 AM, Marko Kreen wrote:
> >ssl-better-default:
> > SSL should stay working, openssl ciphers -v 'value' should not contain
> > any weak suites (RC4, SEED, DES-CBC, EXP, NULL) and no non-authenticated
> > suites (ADH/AECDH).
>
> Not sure about the above, if it is a GUC I can't find it. If it is
> something else than I will have to plead ignorance.

The patch just changes the default value for 'ssl_ciphers' GUC.

The question is if the value works at all, and is good.

--
marko

In response to

Re: Review:Patch: SSL: prefer server cipher order at 2013-11-16 20:17:40 from Adrian Klaver

Responses

Re: Review:Patch: SSL: prefer server cipher order at 2013-11-16 21:03:05 from Adrian Klaver

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter Eisentraut	2013-11-16 20:55:28	Re: Wait free LW_SHARED acquisition - v0.2
Previous Message	Andrew Dunstan	2013-11-16 20:31:15	Re: pre-commit triggers