Home > mailing lists

Re: [HACKERS] libpq connection strings: control over the ciphersuites? - Mailing list pgsql-hackers

From	Joe Conway
Subject	Re: [HACKERS] libpq connection strings: control over the ciphersuites?
Date	November 10, 2017 05:19:12
Msg-id	a7783475-b698-013d-ff0b-3ae4449a423f@joeconway.com Whole thread Raw
In response to	Re: [HACKERS] libpq connection strings: control over the cipher suites? (Michael Paquier <michael.paquier@gmail.com>)
List	pgsql-hackers

Tree view

On 11/09/2017 03:17 PM, Michael Paquier wrote:
> On Fri, Nov 10, 2017 at 2:53 AM, Joe Conway <mail@joeconway.com> wrote:
>> On 11/09/2017 03:27 AM, Graham Leggett wrote:
>>> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
>>
>> I don't believe so. That is controlled by ssl_ciphers, which requires a
>> restart in order to change.
>>
>> https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS
>
> Since commit de41869 present in v10, SSL parameters can be reloaded.

Oh, cool, I must have missed that -- thanks!

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

pgsql-hackers by date:

From: Tom Lane
Date: 10 November 2017, 05:18:42
Subject: Re: [HACKERS] Simplify ACL handling for large objects and removal of superuser() checks

From: Jeff Janes
Date: 10 November 2017, 05:55:36
Subject: Re: [HACKERS] pg_basebackup --progress output for batch execution

Re: [HACKERS] libpq connection strings: control over the ciphersuites? - Mailing list pgsql-hackers

Previous

Next