On 11/09/2017 03:27 AM, Graham Leggett wrote:
> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
I don't believe so. That is controlled by ssl_ciphers, which requires a
restart in order to change.
https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS
select name,setting,context from pg_settings where name like '%ssl%'; name | setting
| context
---------------------------+--------------------------+------------ssl | off
|postmasterssl_ca_file | | postmasterssl_cert_file | server.crt
| postmasterssl_ciphers | HIGH:MEDIUM:+3DES:!aNULL | postmasterssl_crl_file |
| postmasterssl_ecdh_curve | prime256v1 | postmasterssl_key_file
|server.key | postmasterssl_prefer_server_ciphers | on | postmaster
(8 rows)
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development