Re: Feature request: Logging SSL connections

From Marko Kreen
Subject Re: Feature request: Logging SSL connections
Date
Msg-id 20131205161611.GA32749@gmail.com
In response to Re: Feature request: Logging SSL connections  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Feature request: Logging SSL connections
List pgsql-hackers
On Thu, Dec 05, 2013 at 09:43:31AM -0500, Peter Eisentraut wrote:
> On 12/5/13, 8:53 AM, Dr. Andreas Kunert wrote:
> > we were really missing the information in our log files if (and which
> > of) our users are using SSL during their connections.
> > 
> > The attached patch is a very simple solution to this problem - it just
> > tests if the ssl pointer in Port is null. If no, it adds "SSL" to the
> > logfile, otherwise it adds "NOSSL".
> 
> That seems useful.  Do we need more information, like whether a client
> certificate was presented, or what ciphers were used?

Yes, please show ciphersuite and TLS version too.  Andreas, you can use my
recent \conninfo patch as template:
 https://github.com/markokr/postgres/commit/7d1b27ac74643abd15007cc4ec0b56ba92b39d90

Also, please show the SSL level also for walsender connections.  It's
quite important to know whether they are using SSL or not.

But I think the 'bits' output is unnecessary, as its cipher strength
is known by ciphersuite.  Perhaps it can be removed from \conninfo too.

-- 
marko



