[PATCH 1/2] SSL: GUC option to prefer server cipher order

From Marko Kreen
Subject [PATCH 1/2] SSL: GUC option to prefer server cipher order
Msg-id 1383782378-7342-1-git-send-email-markokr@gmail.com
Replies [PATCH 2/2] SSL: Support ECDH key excange.  (Marko Kreen <markokr@gmail.com>)
Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
By default OpenSSL (and SSL/TLS in general) lets client cipher
order take priority.  This is OK for browsers where the ciphers
were tuned, but few Postgres client libraries make cipher order
configurable.  So it makes sense to make cipher order in
postgresql.conf take priority over client defaults.

This patch adds setting 'ssl_prefer_server_ciphers' which can be
turned on so that server cipher order is preferred.

The setting SSL_OP_CIPHER_SERVER_PREFERENCE appeared in
OpenSSL 0.9.7 (31 Dec 2002), not sure if #ifdef is required
for conditional compilation.
---
 doc/src/sgml/config.sgml      | 12 ++++++++++++
 src/backend/libpq/be-secure.c |  7 +++++++
 src/backend/utils/misc/guc.c  | 10 ++++++++++
 3 files changed, 29 insertions(+)
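
The selection rule the description refers to, as an added example that is not part of the patch and is not OpenSSL's code: a simplified model of how a TLS server picks the cipher with and without server preference. The function names and both cipher lists are constructed for illustration; the cipher strings are OpenSSL cipher names.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of server-side cipher selection (not OpenSSL source).
 * Every list is ordered most-preferred first. */
static const char *
choose_cipher(const char *const *client, size_t nclient,
              const char *const *server, size_t nserver,
              int prefer_server)
{
    /* The list walked in the outer loop is the one whose order wins. */
    const char *const *outer = prefer_server ? server : client;
    const char *const *inner = prefer_server ? client : server;
    size_t nouter = prefer_server ? nserver : nclient;
    size_t ninner = prefer_server ? nclient : nserver;

    for (size_t i = 0; i < nouter; i++)
        for (size_t j = 0; j < ninner; j++)
            if (strcmp(outer[i], inner[j]) == 0)
                return outer[i];
    return NULL;                /* no shared cipher: handshake fails */
}

/* Constructed sample: a client library with an untuned default order,
 * and a server list ordered strongest first in postgresql.conf. */
static const char *const client_order[] = {"RC4-SHA", "AES128-SHA", "DHE-RSA-AES256-SHA"};
static const char *const server_order[] = {"DHE-RSA-AES256-SHA", "AES128-SHA", "RC4-SHA"};
static const char *const legacy_client[] = {"DES-CBC3-SHA"};

#define N(a) (sizeof(a) / sizeof((a)[0]))

static const char *
negotiate(int prefer_server)
{
    return choose_cipher(client_order, N(client_order),
                         server_order, N(server_order), prefer_server);
}

int
main(void)
{
    const char *none = choose_cipher(legacy_client, N(legacy_client),
                                     server_order, N(server_order), 1);

    printf("client order wins: %s\n", negotiate(0));
    printf("server order wins: %s\n", negotiate(1));
    printf("no overlap:        %s\n", none ? none : "(handshake fails)");
    return 0;
}
```

Server preference only reorders the choice among ciphers both sides already offer; removing a weak cipher still requires taking it out of the server's list.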

