Thread: SSL (patch 6)
SSL support for ephemeral DH keys.

As the comment headers in be-secure.c discuss, EPH preserves confidentiality even if the static private key (which is usually kept unencrypted) is compromised.

Because of the value of this, common default values are hard-coded to protect the confidentiality of the data even if an attacker successfully deletes or modifies the external file.

Bear
Attachment
Your patch has been added to the PostgreSQL unapplied patches list at:

http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------

Bear Giles wrote:
> SSL support for ephemeral DH keys.
>
> As the comment headers in be-secure.c discusses, EPH preserves
> confidentiality even if the static private key (which is usually
> kept unencrypted) is compromised.
>
> Because of the value of this, common default values are hard-coded
> to protect the confidentiality of the data even if an attacker
> successfully deletes or modifies the external file.
>
> Bear

Content-Description: /tmp/patch6

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Patch applied. Thanks.

---------------------------------------------------------------------------

Bear Giles wrote:
> SSL support for ephemeral DH keys.
>
> As the comment headers in be-secure.c discusses, EPH preserves
> confidentiality even if the static private key (which is usually
> kept unencrypted) is compromised.
>
> Because of the value of this, common default values are hard-coded
> to protect the confidentiality of the data even if an attacker
> successfully deletes or modifies the external file.
>
> Bear

Content-Description: /tmp/patch6

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026