From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
Cc: | pgsql-docs <pgsql-docs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Document when ssl_prefer_server_ciphers went in |
Date: | 2024-07-04 10:17:38 |
Message-ID: | E6E043F4-0F2A-4EA8-BB6D-68305A8A2522@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
> On 3 Jul 2024, at 11:49, Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:
>
> On 03.07.24 11:23, Daniel Gustafsson wrote:
>> In the documentation for ssl_prefer_server_ciphers we only say it's not in
>> "older version" but we omit to specify it further. Since it's a fairly
>> important setting for security I think it makes sense to add the version to
>> help users, as in the small attached diff (which also adds proper markup in the
>> paragraph while in there).
>
> Looks reasonable to me.
Thanks, pushed with the wording suggested to Tom downthread.
> Would it make sense to remove the setting altogether?
I wouldn't be opposed to it, I can't think of any legitimate usecase for it
outside of testing (it's very similar to ssl_max_protocol_version in that
sense). On the other hand, it's very little code to carry and removing it
would cause churn for anyone who has it in their configuration management
system for provisioning. Maybe it would make sense to remove it from the
sample config?
--
Daniel Gustafsson
From | Date | Subject | |
---|---|---|---|
Next Message | Daniel Gustafsson | 2024-07-04 10:24:48 | Re: Bibliography reference redirects to a Forbiden page. |
Previous Message | Daniel Gustafsson | 2024-07-04 07:06:54 | Re: Joe Hellerstein's "Looking Back at Postgres" paper |