Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
Date
Msg-id 20131107005732.GR5809@eldon.alvh.no-ip.org
Whole thread Raw
In response to [PATCH 1/2] SSL: GUC option to prefer server cipher order  (Marko Kreen <markokr@gmail.com>)
Responses Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
List pgsql-hackers
Marko Kreen escribió:

> By default OpenSSL (and SSL/TLS in general) lets client cipher
> order take priority.  This is OK for browsers where the ciphers
> were tuned, but few Postgres client libraries make cipher order
> configurable.  So it makes sense to make cipher order in
> postgresql.conf take priority over client defaults.
> 
> This patch adds setting 'ssl_prefer_server_ciphers' which can be
> turned on so that server cipher order is preferred.

Wouldn't it make more sense to have this enabled by default?

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services



pgsql-hackers by date:

Previous
From: Steve Crawford
Date:
Subject: Documentation patch for date/time formatting functions
Next
From: Marko Kreen
Date:
Subject: Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order