Home > mailing lists

Re: SSL: better default ciphersuite - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: SSL: better default ciphersuite
Date	February 23, 2014 04:31:22
Msg-id	53094F62.4010308@gmx.net Whole thread Raw
In response to	Re: SSL: better default ciphersuite (Marko Kreen <markokr@gmail.com>)
Responses	Re: SSL: better default ciphersuite (Marko Kreen <markokr@gmail.com>)
List	pgsql-hackers

Tree view

On 2/2/14, 7:16 AM, Marko Kreen wrote:
> On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
>> Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
>> and also adds documentation about reasoning for it.
> 
> This is the last pending SSL cleanup related patch:
> 
>   https://commitfest.postgresql.org/action/patch_view?id=1310
> 
> Peter, you have claimed it as committer, do you see any remaining
> issues with it?

I'm OK with this change on the principle of clarifying and refining the
existing default.  But after inspecting the expanded cipher list with
the "openssl cipher" tool, I noticed that the new default re-enabled MD5
ciphers.  Was that intentional?

pgsql-hackers by date:

From: Peter Eisentraut
Date: 23 February 2014, 03:53:28
Subject: Re: Review: tests for client programs

From: Mohsen SM
Date: 23 February 2014, 07:20:14
Subject: typemode for variable types

Re: SSL: better default ciphersuite - Mailing list pgsql-hackers

Previous

Next