| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Review:Patch: SSL: prefer server cipher order |
| Date: | 2013-11-16 22:41:57 |
| Message-ID: | 20131116224157.GA3958@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Nov 16, 2013 at 02:07:57PM -0800, Adrian Klaver wrote:
> On 11/16/2013 01:13 PM, Marko Kreen wrote:
> > https://commitfest.postgresql.org/action/patch_view?id=1310
>
> Got it, applied it.
>
> Results:
>
> openssl ciphers -v 'HIGH:!aNULL'|egrep
> '(RC4|SEED|DES-CBC|EXP|NULL|ADH|AECDH)'
>
> ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
> ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
> EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
> ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
> ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
> DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
DES-CBC3 is 3DES, which is fine. Plain DES-CBC would be bad.
If you don't see any other issues perhaps they are ready for committer?
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2013-11-16 22:54:22 | Re: Review:Patch: SSL: prefer server cipher order |
| Previous Message | Adrian Klaver | 2013-11-16 22:07:57 | Re: Review:Patch: SSL: prefer server cipher order |