Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order

Поиск
Список
Период
Сортировка
От Alvaro Herrera
Тема Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
Дата
Msg-id 20131107005732.GR5809@eldon.alvh.no-ip.org
обсуждение исходный текст
Ответ на [PATCH 1/2] SSL: GUC option to prefer server cipher order  (Marko Kreen <markokr@gmail.com>)
Ответы Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order  (Marko Kreen <markokr@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 
Marko Kreen escribió:

> By default OpenSSL (and SSL/TLS in general) lets client cipher
> order take priority.  This is OK for browsers where the ciphers
> were tuned, but few Postgres client libraries make cipher order
> configurable.  So it makes sense to make cipher order in
> postgresql.conf take priority over client defaults.
> 
> This patch adds setting 'ssl_prefer_server_ciphers' which can be
> turned on so that server cipher order is preferred.

Wouldn't it make more sense to have this enabled by default?

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Steve Crawford
Дата:
Сообщение: Documentation patch for date/time formatting functions
Следующее
От: Marko Kreen
Дата:
Сообщение: Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order