| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Graham Leggett <minfrin(at)sharp(dot)fm>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: libpq connection strings: control over the cipher suites? |
| Date: | 2017-11-09 23:19:12 |
| Message-ID: | a7783475-b698-013d-ff0b-3ae4449a423f@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/09/2017 03:17 PM, Michael Paquier wrote:
> On Fri, Nov 10, 2017 at 2:53 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
>> On 11/09/2017 03:27 AM, Graham Leggett wrote:
>>> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
>>
>> I don't believe so. That is controlled by ssl_ciphers, which requires a
>> restart in order to change.
>>
>> https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS
>
> Since commit de41869 present in v10, SSL parameters can be reloaded.
Oh, cool, I must have missed that -- thanks!
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2017-11-09 23:55:36 | Re: pg_basebackup --progress output for batch execution |
| Previous Message | Tom Lane | 2017-11-09 23:18:42 | Re: Simplify ACL handling for large objects and removal of superuser() checks |