Re: [HACKERS] libpq connection strings: control over the cipher suites? - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: [HACKERS] libpq connection strings: control over the cipher suites?
Date
Msg-id CAB7nPqS0Z36nEc0qqgC8JWdUDQew5fR05QaLvx9yWNteKdGb1Q@mail.gmail.com
Whole thread Raw
In response to Re: [HACKERS] libpq connection strings: control over the ciphersuites?  (Joe Conway <mail@joeconway.com>)
Responses Re: [HACKERS] libpq connection strings: control over the ciphersuites?
List pgsql-hackers
On Fri, Nov 10, 2017 at 2:53 AM, Joe Conway <mail@joeconway.com> wrote:
> On 11/09/2017 03:27 AM, Graham Leggett wrote:
>> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
>
> I don't believe so. That is controlled by ssl_ciphers, which requires a
> restart in order to change.
>
> https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS

Since commit de41869 present in v10, SSL parameters can be reloaded.
On libpq there is only an API to have a look at what are the ciphers
set by the server via PQsslAttribute().
-- 
Michael


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks
Next
From: Tom Lane
Date:
Subject: Re: [HACKERS] Simplify ACL handling for large objects and removal of superuser() checks