On Tue, Aug 26, 2025 at 7:10 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> (For that matter, if you have system-level security specifications
> to meet, why would you not alter the system-wide OpenSSL configuration
> on the client's host?)
There is that, or you can maybe use OPENSSL_CONF for more granularity.
(But I'm beginning to think we should support named configuration
sections [1] of openssl.conf, in both the client and the server, to
make this a bit easier.)
--Jacob
[1] https://docs.openssl.org/1.1.1/man3/SSL_CTX_config/