Re: [HACKERS] GnuTLS support
| От | Tom Lane |
|---|---|
| Тема | Re: [HACKERS] GnuTLS support |
| Дата | |
| Msg-id | 9377.1516210780@sss.pgh.pa.us обсуждение |
| Ответ на | Re: [HACKERS] GnuTLS support (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
| Ответы |
Re: [HACKERS] GnuTLS support
|
| Список | pgsql-hackers |
Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
> Question for the group: We currently have a number of config settings
> named ssl_*. Some of these are specific to OpenSSL, some are not, namely:
> # general
> ssl
> ssl_dh_params_file
> ssl_cert_file
> ssl_key_file
> ssl_ca_file
> ssl_crl_file
> # OpenSSL
> ssl_ciphers
> ssl_prefer_server_ciphers
> ssl_ecdh_curve
> # GnuTLS (proposed)
> gnutls_priorities
> (effectively a combination of ssl_ciphers and ssl_prefer_server_ciphers)
> Should we rename the OpenSSL-specific settings to openssl_*?
> It think it would be better for clarity, and they are not set very
> commonly, so the user impact would be low.
Yeah, I think only the "general" parameters would be set by very
many people. +1 for renaming the OpenSSL-only parameters.
I don't know too much about the internals here, so looking at your
list, I wonder whether "ssl_dh_params_file" ought to be treated as
implementation-specific too. The other four files seem essential
to any feature-complete implementation, but is that one?
regards, tom lane
В списке pgsql-hackers по дате отправления: