On 17-06-2012 12:45, Magnus Hagander wrote:
> On Sun, Jun 17, 2012 at 11:42 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Magnus Hagander <magnus@hagander.net> writes:
>>> Is there a reason why we don't have a parameter on the client
>>> mirroring ssl_ciphers?
>>
>> Dunno, do we need one? I am not sure what the cipher negotiation process
>> looks like or which side has the freedom to choose.
>
Both. Client sends a cipher list and the server determines which cipher is
used getting the first supported cipher in the client list.
> I haven't looked into the details, but it seems reasonable that
> *either* side should be able to at least define a list of ciphers it
> *doens't* want to talk with.
>
+1.
-- Euler Taveira de Oliveira - Timbira http://www.timbira.com.br/ PostgreSQL: Consultoria, Desenvolvimento,
Suporte24x7 e Treinamento