| From: | Ehtesham Pradhan <ehtesham(dot)pradhan(at)lookout(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | TLS 1.0 |
| Date: | 2021-08-06 09:08:58 |
| Message-ID: | CAMr8OH9u+RT7BbhZM4+BKf_aZDtM0Ku+EZJsoWWArHweqRyV0w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi Team,
Our client is using Version : PostgreSQL 9.6.17 , they have done vulnerability
assessment and found that :
- TLS version 1.0 Protocol detection
- The remote service encrypt traffic with older version of TLS
We suggested the below changes in PostgresSQL.conf
ssl_ciphers = 'HIGH:!aNULL' *OR *ssl_ciphers = 'HIGH:TLSv1.2:!aNULL'
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'
But the scan report is still the same. Can you please guide with the
configuration in the present Postgres version to remediate it.
Thanks
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-08-06 13:50:34 | Re: psql's default database on connect (our internal ref. SRP-30861) |
| Previous Message | hubert depesz lubaczewski | 2021-08-06 08:06:39 | Re: psql's default database on connect (our internal ref. SRP-30861) |