| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Review:Patch: SSL: prefer server cipher order |
| Date: | 2013-11-16 21:13:56 |
| Message-ID: | 20131116211356.GA23666@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Nov 16, 2013 at 01:03:05PM -0800, Adrian Klaver wrote:
> On 11/16/2013 12:37 PM, Marko Kreen wrote:
> >Thanks for testing!
> >
> >On Sat, Nov 16, 2013 at 12:17:40PM -0800, Adrian Klaver wrote:
> >>On 11/16/2013 06:24 AM, Marko Kreen wrote:
> >>>ssl-better-default:
> >>> SSL should stay working, openssl ciphers -v 'value' should not contain
> >>> any weak suites (RC4, SEED, DES-CBC, EXP, NULL) and no non-authenticated
> >>> suites (ADH/AECDH).
> >>
> >>Not sure about the above, if it is a GUC I can't find it. If it is
> >>something else than I will have to plead ignorance.
> >
> >The patch just changes the default value for 'ssl_ciphers' GUC.
>
> I am still not sure what patch you are talking about. The two
> patches I saw where for server_prefer and ECDH key exchange.
>
> >
> >The question is if the value works at all, and is good.
> >
>
> What value would we be talking about?
Ah, sorry. It's this one:
https://commitfest.postgresql.org/action/patch_view?id=1310
> Note: I have been working through a head cold and thought processes
> are sluggish, handle accordingly:)
Get better soon! :)
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David E. Wheeler | 2013-11-16 21:30:48 | Re: additional json functionality |
| Previous Message | Adrian Klaver | 2013-11-16 21:03:05 | Re: Review:Patch: SSL: prefer server cipher order |