Marc G. Fournier wrote:
> > > My suggestion would be to eventually phase out ssl2 in favor of ssl3 or
> > > tls. And, as we are phasing it out, make it an opt-in thing, where the
> > > dba has to turn on ssl2 KNOWING he is turning on a flawed protocol.
> >
> > That was sort of my point --- if we allow SSLv2 in the server, are we
> > open to any security problems? Maybe not. I just don't know.
>
> My understanding of SSL/TLS is that the DBA himself has to enable it ...
> there has to be a server/client key setup, similar to how it gets done
> with Apache for https connections ... can someone confirm whether this is
> the case?
Uh, I just followed the steps in the PostgresSQL install instructions:openssl req -new -text -out server.reqopenssl rsa
-inprivkey.pem -out server.keyrm privkey.pemopenssl req -x509 -in server.req -text -key server.key -out server.crtchmod
og-rwxserver.key
Isn't that similar to what was required in 7.2.X?
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073