Home > mailing lists

Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
Date	November 7, 2013 03:57:43
Msg-id	20131107005732.GR5809@eldon.alvh.no-ip.org Whole thread Raw
In response to	[PATCH 1/2] SSL: GUC option to prefer server cipher order (Marko Kreen <markokr@gmail.com>)
Responses	Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order (Marko Kreen <markokr@gmail.com>)
List	pgsql-hackers

Tree view

Marko Kreen escribió:

> By default OpenSSL (and SSL/TLS in general) lets client cipher
> order take priority.  This is OK for browsers where the ciphers
> were tuned, but few Postgres client libraries make cipher order
> configurable.  So it makes sense to make cipher order in
> postgresql.conf take priority over client defaults.
> 
> This patch adds setting 'ssl_prefer_server_ciphers' which can be
> turned on so that server cipher order is preferred.

Wouldn't it make more sense to have this enabled by default?

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

pgsql-hackers by date:

From: Steve Crawford
Date: 07 November 2013, 03:14:05
Subject: Documentation patch for date/time formatting functions

From: Marko Kreen
Date: 07 November 2013, 04:07:53
Subject: Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order

Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order - Mailing list pgsql-hackers

Previous

Next