Postgres Pro
Downloads
Home   >   mailing lists

Re: [HACKERS] libpq connection strings: control over the ciphersuites? - Mailing list pgsql-hackers

From Joe Conway
Subject Re: [HACKERS] libpq connection strings: control over the ciphersuites?
Date
Msg-id 16ac3573-1c73-3336-ae63-9adc3c5f033c@joeconway.com
Whole thread Raw
In response to [HACKERS] libpq connection strings: control over the cipher suites?  (Graham Leggett <minfrin@sharp.fm>)
Responses Re: [HACKERS] libpq connection strings: control over the cipher suites?  (Michael Paquier <michael.paquier@gmail.com>)
List pgsql-hackers
Tree view 
On 11/09/2017 03:27 AM, Graham Leggett wrote:
> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?

I don't believe so. That is controlled by ssl_ciphers, which requires a
restart in order to change.

https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS

select name,setting,context from pg_settings where name like '%ssl%';          name            |         setting
 |  context 
---------------------------+--------------------------+------------ssl                       | off
|postmasterssl_ca_file               |                          | postmasterssl_cert_file             | server.crt
        | postmasterssl_ciphers               | HIGH:MEDIUM:+3DES:!aNULL | postmasterssl_crl_file              |
                 | postmasterssl_ecdh_curve            | prime256v1               | postmasterssl_key_file
|server.key               | postmasterssl_prefer_server_ciphers | on                       | postmaster 
(8 rows)

HTH,

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

pgsql-hackers by date:

Previous
From: Peter Geoghegan
Date:
Subject: Re: [HACKERS] pageinspect option to forgo buffer locking?
Next
From: Robert Haas
Date:
Subject: Re: [HACKERS] pageinspect option to forgo buffer locking?