On 1/17/18 13:18, Tom Lane wrote:
>> The proposed GnuTLS patch does make use of ssl_dh_params_file.
>
> Right, but what happens if say macTLS doesn't?
The previously proposed patch for that also makes use of ssl_dh_params_file.
So while we can't guarantee that this will be the case for all TLS
implementations ever, this is a pretty good indicator to me that it is
an implementation-independent concept.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services