| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Erica Zhang <ericazhangy2021(at)qq(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Add support to TLS 1.3 cipher suites and curves lists |
| Date: | 2024-09-25 08:51:05 |
| Message-ID: | cea2e1b6-69c4-4796-99e5-32c87040d1a6@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 18.09.24 22:48, Jacob Champion wrote:
>> +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed TLSv1.2 ciphers
>> +#ssl_cipher_suites = '' # allowed TLSv1.3 cipher suites, blank for default
> After marinating on this a bit... I think the naming may result in
> some "who's on first" miscommunications in forums and on the list. "I
> set the SSL ciphers to <whatever>, but it says there are no valid
> ciphers available!" Should we put TLS 1.3 into the new GUC name
> somehow?
Yeah, I think just
ssl_ciphers =
ssl_ciphers_tlsv13 =
would be clear enough. Just using "ciphers" vs. "cipher suites" would
not be.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hayato Kuroda (Fujitsu) | 2024-09-25 09:39:49 | RE: Clock-skew management in logical replication |
| Previous Message | Amit Kapila | 2024-09-25 08:36:44 | Re: Documentation to upgrade logical replication cluster |