Peter Eisentraut wrote:
> Victor B. Wagner wrote:
>> First one is useful if for some reason some ciphers supported by
>> OpenSSL is not permitted to use in the particular network, or if
>> there is need to use ciphersuites which are not included into default
>> ciphersuite list, now compiled into PostgreSQL.
>
> Do you have specific examples where that might be the case?
this is btw. something that is available in most daemons utilizing
openssl - one can disable weak ciphers (which might not even be known as
weak at the time the defaults where set) or ciphers not authorized for
certain usage scenarios by this means.
Stefan