Re: Add support to TLS 1.3 cipher suites and curves lists - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Add support to TLS 1.3 cipher suites and curves lists
Date
Msg-id cea2e1b6-69c4-4796-99e5-32c87040d1a6@eisentraut.org
Whole thread Raw
In response to Re: Add support to TLS 1.3 cipher suites and curves lists  (Jacob Champion <jacob.champion@enterprisedb.com>)
List pgsql-hackers
On 18.09.24 22:48, Jacob Champion wrote:
>> +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'  # allowed TLSv1.2 ciphers
>> +#ssl_cipher_suites = ''    # allowed TLSv1.3 cipher suites, blank for default
> After marinating on this a bit... I think the naming may result in
> some "who's on first" miscommunications in forums and on the list. "I
> set the SSL ciphers to <whatever>, but it says there are no valid
> ciphers available!" Should we put TLS 1.3 into the new GUC name
> somehow?

Yeah, I think just

ssl_ciphers =
ssl_ciphers_tlsv13 =

would be clear enough.  Just using "ciphers" vs. "cipher suites" would 
not be.




pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: Documentation to upgrade logical replication cluster
Next
From: "Hayato Kuroda (Fujitsu)"
Date:
Subject: RE: Clock-skew management in logical replication