PostgreSQL SSL params

From: pramod kg <pramod11287(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: PostgreSQL SSL params
Date: 2021-06-13 14:20:45
Message-ID: CAHkcXnx4vZvYcYYkNFiZ3MXgNJq=Jw+iT_LnT0+H==8ri6AJ4g@mail.gmail.com
Lists: pgsql-admin

Hi,

I have enabled ssl on my PG servers and have set ssl_cipher to "HIGH".
Still, the security team complains that weak ciphers are accepted on the
server side (they have run some security tests). The security team is
suggesting the use of ssl_dh_params_file.

As per my understanding, DH is a key exchange protocol (read in some
forum). DH is used to securely generate a common key between two parties,
other algorithms are used for encryption itself. So I believe that dhparam
does not help in resolving weak cipher issues. Need some insight on this.

Also, are there any changes required on the client side to connect to the
database if ssl_dh_params_file is set on the server side?
How can I make sure that PG accepts only high ciphers? Please suggest.

Note: I have installed PG version 13.1 on a few servers and 13.3 on a few
servers.

Regards,
Pramod
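
Added example, not part of the original post: the distinction drawn above between key exchange and encryption can be inspected by asking the local OpenSSL, through Python's `ssl` module, what the cipher string "HIGH" expands to and which of those suites use DHE, the key exchange that reads its parameters from ssl_dh_params_file. `SAMPLE` is constructed, the function names are this example's own, and the output reflects the OpenSSL build on the machine running the script, which may differ from the server's.

```python
import ssl
from collections import defaultdict

# Constructed sample in the shape returned by SSLContext.get_ciphers().
SAMPLE = [
    {"name": "DHE-RSA-AES256-GCM-SHA384", "kea": "kx-dhe", "symmetric": "aes-256-gcm"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "kea": "kx-ecdhe", "symmetric": "aes-256-gcm"},
    {"name": "AES256-SHA", "kea": "kx-rsa", "symmetric": "aes-256-cbc"},
]

def expand(cipher_string):
    """Suites the local OpenSSL enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # TLS 1.3 suites are not controlled by this string and are listed regardless.
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()

def uses_dh_params(suite):
    """True for finite-field ephemeral DH key exchange (DHE)."""
    return suite.get("kea") in ("kx-dhe", "kx-dhe-psk")

def summarize(suites):
    """Group suite names by key exchange; collect bulk ciphers separately."""
    by_kx = defaultdict(list)
    bulk = set()
    for s in suites:
        by_kx[s.get("kea", "unknown")].append(s["name"])
        bulk.add(s.get("symmetric", "unknown"))
    return dict(by_kx), sorted(bulk)

if __name__ == "__main__":
    suites = expand("HIGH")
    by_kx, bulk = summarize(suites)
    for kx, names in sorted(by_kx.items()):
        print(f"{kx:14} {len(names):3} suites, e.g. {names[0]}")
    print("bulk ciphers:", ", ".join(bulk))
    dhe = [s["name"] for s in suites if uses_dh_params(s)]
    print(f"{len(dhe)} of {len(suites)} suites use DH parameters")
```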
