Re: change TLS version in postgres

From: Yambu <hyambu(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Re: change TLS version in postgres
Date: 2021-06-21 03:02:20
Message-ID: CALhHtcB5ZobJPuiCZH02zSHeP+g5LE5UxwCYduDp6bLrgYH8yg@mail.gmail.com
Lists: pgsql-admin

Thank you Tom

On Mon, Jun 21, 2021 at 12:24 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Yambu <hyambu(at)gmail(dot)com> writes:
> > I'm using postgres version 10, may I know how to change the TLS version
> > from 1.0 to a higher version?
>
> If you have a new enough OpenSSL library, it should automatically
> prefer more recent protocol versions.
>
> If what you're concerned about is actively preventing use of lower
> protocol versions, the only way to do that within PG itself is the
> ssl_min_protocol_version setting, which exists in v12 and later.
> However, you ought to be able to achieve the same effect by
> adjusting the system-wide OpenSSL configuration: set
> MinProtocol=TLSv1.2 in openssl.cnf (wherever that is on your
> machine). You might find your distro already did that, btw.
>
> I am not sure, but it might be possible to use a private openssl
> config file if you want to only affect Postgres and not other
> daemons on the machine. See the OpenSSL documentation.
>
> regards, tom lane
>
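
Added example, not part of the thread and not PostgreSQL or OpenSSL code: a MinProtocol line in openssl.cnf only takes effect when its section is reached through the openssl_conf -> ssl_conf -> system_default chain, so this check resolves that chain from the file's text and reports whether a TLSv1.2 floor is actually in force. The function names and the section names in the sample configs are constructed for illustration.

```python
import re

ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse_cnf(text):
    """Parse openssl.cnf text into {section: {key: value}}; '' is the unnamed top section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)   # [ section_name ]
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def effective_min_protocol(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return MinProtocol or None."""
    s = parse_cnf(text)
    name = s[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key) if name else None
    return s.get(name, {}).get("MinProtocol") if name else None

def enforces(text, floor="TLSv1.2"):
    """True only if the resolved MinProtocol is at or above the floor."""
    proto = effective_min_protocol(text)
    return proto in ORDER and ORDER.index(proto) >= ORDER.index(floor)

# Constructed sample: the full chain is present, so the setting applies.
CHAINED = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
"""
# Constructed sample: the section exists but nothing references it.
ORPHAN = "[system_default_sect]\nMinProtocol = TLSv1.2\n"

if __name__ == "__main__":
    for label, cnf in (("chained", CHAINED), ("orphan", ORPHAN)):
        print(label, effective_min_protocol(cnf), enforces(cnf))
```

To audit a real host, pass the contents of its openssl.cnf to `enforces()`; the file's location varies by distribution.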
