Re: Re: Re: Add support to TLS 1.3 cipher suites and curves lists

From: Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>
To: Erica Zhang <ericazhangy2021(at)qq(dot)com>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Peter Eisentraut <peter(at)eisentraut(dot)org>, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Re: Re: Add support to TLS 1.3 cipher suites and curves lists
Date: 2024-06-12 08:51:45
Message-ID: CAGECzQRmouHn4UK0efPU4EpCfsmCHAxr=h4d_hwgj7qRMw_wRQ@mail.gmail.com
Lists: pgsql-hackers

On Wed, 12 Jun 2024 at 04:32, Erica Zhang <ericazhangy2021(at)qq(dot)com> wrote:
> There are certain government, financial and other enterprise organizations that have very strict requirements about the encrypted communication and more specifically about fine-grained params like the TLS ciphers and curves that they use. The default ones for those customers are not acceptable. Any products that integrate Postgres and require encrypted communication with the Postgres would have to fulfil those requirements.

Yeah, I ran into such requirements before too. So I do think it makes
sense to have such a feature in Postgres.

> So if we can have this patch in the upcoming new major version, that means Postgres users who have similar requirements can upgrade to PG17.

As Daniel mentioned, you can already achieve the same using the
"Ciphersuites" directive in openssl.conf. Also, you could of course
always disable TLSv1.3 support.
