From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Andreas Karlsson <andreas(at)proxel(dot)se>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] GnuTLS support |
Date: | 2018-01-17 17:39:40 |
Message-ID: | 9377.1516210780@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> Question for the group: We currently have a number of config settings
> named ssl_*. Some of these are specific to OpenSSL, some are not, namely:
> # general
> ssl
> ssl_dh_params_file
> ssl_cert_file
> ssl_key_file
> ssl_ca_file
> ssl_crl_file
> # OpenSSL
> ssl_ciphers
> ssl_prefer_server_ciphers
> ssl_ecdh_curve
> # GnuTLS (proposed)
> gnutls_priorities
> (effectively a combination of ssl_ciphers and ssl_prefer_server_ciphers)
> Should we rename the OpenSSL-specific settings to openssl_*?
> It think it would be better for clarity, and they are not set very
> commonly, so the user impact would be low.
Yeah, I think only the "general" parameters would be set by very
many people. +1 for renaming the OpenSSL-only parameters.
I don't know too much about the internals here, so looking at your
list, I wonder whether "ssl_dh_params_file" ought to be treated as
implementation-specific too. The other four files seem essential
to any feature-complete implementation, but is that one?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2018-01-17 17:49:32 | Re: Package version in PG_VERSION and version() |
Previous Message | Victor Wagner | 2018-01-17 17:36:48 | Re: master make check fails on Solaris 10 |