On Sun, Jun 17, 2012 at 4:45 PM, Magnus Hagander <magnus@hagander.net> wrote:
> On Sun, Jun 17, 2012 at 11:42 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Magnus Hagander <magnus@hagander.net> writes:
>>> Is there a reason why we don't have a parameter on the client
>>> mirroring ssl_ciphers?
>>
>> Dunno, do we need one? I am not sure what the cipher negotiation process
>> looks like or which side has the freedom to choose.
>
> I haven't looked into the details, but it seems reasonable that
> *either* side should be able to at least define a list of ciphers it
> *doens't* want to talk with.
>
> Do we need it - well, it makes sense for the client to be able to say
> "I won't trust 56-bit encryption" before it sends over the password,
> imo..
I would certainly like to see that.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
