Home > mailing lists

Re: Review:Patch: SSL: prefer server cipher order - Mailing list pgsql-hackers

From	Marko Kreen
Subject	Re: Review:Patch: SSL: prefer server cipher order
Date	November 16, 2013 23:38:02
Msg-id	20131116203752.GA21011@gmail.com Whole thread Raw
In response to	Re: Review:Patch: SSL: prefer server cipher order (Adrian Klaver <adrian.klaver@gmail.com>)
Responses	Re: Review:Patch: SSL: prefer server cipher order (Adrian Klaver <adrian.klaver@gmail.com>)
List	pgsql-hackers

Tree view

Thanks for testing!

On Sat, Nov 16, 2013 at 12:17:40PM -0800, Adrian Klaver wrote:
> On 11/16/2013 06:24 AM, Marko Kreen wrote:
> >ssl-better-default:
> >   SSL should stay working, openssl ciphers -v 'value' should not contain
> >   any weak suites (RC4, SEED, DES-CBC, EXP, NULL) and no non-authenticated
> >   suites (ADH/AECDH).
> 
> Not sure about the above, if it is a GUC I can't find it. If it is
> something else than I will have to plead ignorance.

The patch just changes the default value for 'ssl_ciphers' GUC.

The question is if the value works at all, and is good.

-- 
marko

pgsql-hackers by date:

From: Andrew Dunstan
Date: 16 November 2013, 23:31:27
Subject: Re: pre-commit triggers

From: Peter Eisentraut
Date: 16 November 2013, 23:55:35
Subject: Re: Wait free LW_SHARED acquisition - v0.2

Re: Review:Patch: SSL: prefer server cipher order - Mailing list pgsql-hackers

Previous

Next