| From: | "Dr(dot) Andreas Kunert" <kunert(at)cms(dot)hu-berlin(dot)de> |
|---|---|
| To: | Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Feature request: Logging SSL connections |
| Date: | 2013-12-06 10:43:55 |
| Message-ID: | 52A1AA6B.3010602@cms.hu-berlin.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>> That seems useful. Do we need more information, like whether a client
>> certificate was presented, or what ciphers were used?
>
> Yes, please show ciphersuite and TLS version too. Andreas, you can use my
> recent \conninfo patch as template:
>
> https://github.com/markokr/postgres/commit/7d1b27ac74643abd15007cc4ec0b56ba92b39d90
>
> Also, please show the SSL level also for walsender connections. It's
> quite important to know whether they are using SSL or not.
>
> But I think the 'bits' output is unnecessary, as it's cipher strength
> is known by ciphersuite. Perhaps it can be removed from \conninfo too.
A new patch is attached. I added the ciphersuite and TLS version like
shown in your template (minus the 'bits' output). I also added the SSL
information for walsender connections, but due to a missing test setup I
cannot test that part.
Anything else missing?
--
Andreas
| Attachment | Content-Type | Size |
|---|---|---|
| log.patch | text/x-patch | 1.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2013-12-06 11:28:36 | Re: [PATCH] Add transforms feature |
| Previous Message | Dimitri Fontaine | 2013-12-06 10:28:32 | Re: [PATCH] Add transforms feature |