Home > mailing lists

Re: SSL Connection still showing TLSv1.3 even it is disabled in ssl_ciphers - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: SSL Connection still showing TLSv1.3 even it is disabled in ssl_ciphers
Date	August 5, 2019 17:11:12
Msg-id	12204.1565014272@sss.pgh.pa.us Whole thread Raw
In response to	SSL Connection still showing TLSv1.3 even it is disabled inssl_ciphers (tushar <tushar.ahuja@enterprisedb.com>)
List	pgsql-hackers

Tree view

tushar <tushar.ahuja@enterprisedb.com> writes:
> when  i connect to psql terminal -

> psql.bin (10.9)
> SSL connection (protocol: TLSv1.3, cipher: *TLS_AES_256_GCM_SHA384*, 
> bits: 256, compression: off)
> Type "help" for help.

> postgres=# show ssl_ciphers ;
>                   ssl_ciphers
> ----------------------------------------------
>   TLSv1.2:!aNULL:!SSLv2:!SSLv3:!TLSv1:!TLSv1.3
> (1 row)

My guess is that OpenSSL ignored your ssl_ciphers setting on the
grounds that it's stupid to reject all possible ciphers.
In any case, this would be something to raise with them not us.
PG does nothing with that value except pass it to SSL_CTX_set_cipher_list.

            regards, tom lane

pgsql-hackers by date:

From: Alvaro Herrera
Date: 05 August 2019, 17:07:06
Subject: Re: Problem with default partition pruning

From: Stephen Frost
Date: 05 August 2019, 17:21:39
Subject: Re: [PATCH] Stop ALTER SYSTEM from making bad assumptions

Re: SSL Connection still showing TLSv1.3 even it is disabled in ssl_ciphers - Mailing list pgsql-hackers

Previous

Next