Home > mailing lists

Re: [HACKERS] libpq connection strings: control over the cipher suites? - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: [HACKERS] libpq connection strings: control over the cipher suites?
Date	November 10, 2017 05:17:11
Msg-id	CAB7nPqS0Z36nEc0qqgC8JWdUDQew5fR05QaLvx9yWNteKdGb1Q@mail.gmail.com Whole thread Raw
In response to	Re: [HACKERS] libpq connection strings: control over the ciphersuites? (Joe Conway <mail@joeconway.com>)
Responses	Re: [HACKERS] libpq connection strings: control over the ciphersuites? (Joe Conway <mail@joeconway.com>)
List	pgsql-hackers

Tree view

On Fri, Nov 10, 2017 at 2:53 AM, Joe Conway <mail@joeconway.com> wrote:
> On 11/09/2017 03:27 AM, Graham Leggett wrote:
>> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
>
> I don't believe so. That is controlled by ssl_ciphers, which requires a
> restart in order to change.
>
> https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS

Since commit de41869 present in v10, SSL parameters can be reloaded.
On libpq there is only an API to have a look at what are the ciphers
set by the server via PQsslAttribute().
-- 
Michael


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

pgsql-hackers by date:

From: Michael Paquier
Date: 10 November 2017, 05:11:33
Subject: Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks

From: Tom Lane
Date: 10 November 2017, 05:18:42
Subject: Re: [HACKERS] Simplify ACL handling for large objects and removal of superuser() checks

Re: [HACKERS] libpq connection strings: control over the cipher suites? - Mailing list pgsql-hackers

Previous

Next