Quick Links

Re: PostgreSQL SSL params

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	pramod kg <pramod11287(at)gmail(dot)com>
Cc:	pgsql-admin(at)postgresql(dot)org
Subject:	Re: PostgreSQL SSL params
Date:	2021-06-13 15:04:35
Message-ID:	50173.1623596675@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

pramod kg <pramod11287(at)gmail(dot)com> writes:
> I have enabled ssl on my PG servers and have set ssl_cipher to "HIGH".
> Still, the security team complains that weak ciphers are accepted at server
> side (They have run some security tests).

The default setting of that is

#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers

Perhaps the problem is your ill-advised removal of the !aNULL part.

regards, tom lane

In response to

PostgreSQL SSL params at 2021-06-13 14:20:45 from pramod kg

Responses

Re: PostgreSQL SSL params at 2021-06-14 03:43:31 from pramod kg

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Nikhil Shetty	2021-06-13 15:11:21	Re: vacuumdb idle processes
Previous Message	pramod kg	2021-06-13 14:20:45	PostgreSQL SSL params