pgsql/src backend/libpq/be-secure.c interfaces ... - Mailing list pgsql-committers

CVSROOT:    /cvsroot
Module name:    pgsql
Changes by:    momjian@postgresql.org    02/06/14 00:31:49

Modified files:
    src/backend/libpq: be-secure.c
    src/interfaces/libpq: fe-secure.c

Log message:
    SSL support for ephemeral DH keys.

    As the comment headers in be-secure.c discusses, EPH preserves
    confidentiality even if the static private key (which is usually
    kept unencrypted) is compromised.

    Because of the value of this, common default values are hard-coded
    to protect the confidentiality of the data even if an attacker
    successfully deletes or modifies the external file.

    Bear Giles