On 2/2/14, 7:16 AM, Marko Kreen wrote:
> On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
>> Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
>> and also adds documentation about reasoning for it.
>
> This is the last pending SSL cleanup related patch:
>
> https://commitfest.postgresql.org/action/patch_view?id=1310
>
> Peter, you have claimed it as committer, do you see any remaining
> issues with it?
I'm OK with this change on the principle of clarifying and refining the
existing default. But after inspecting the expanded cipher list with
the "openssl cipher" tool, I noticed that the new default re-enabled MD5
ciphers. Was that intentional?