Re: Add support to TLS 1.3 cipher suites and curves lists
From | Nathan Bossart |
---|---|
Subject | Re: Add support to TLS 1.3 cipher suites and curves lists |
Date | |
Msg-id | Z1nHx4dEIRTQsbMC@nathan |
In response to | Re: Add support to TLS 1.3 cipher suites and curves lists (Peter Eisentraut <peter@eisentraut.org>) |
Responses |
Re: Add support to TLS 1.3 cipher suites and curves lists
|
List | pgsql-hackers |
First of all, thank you all for working on this feature.

On Wed, Sep 25, 2024 at 10:51:05AM +0200, Peter Eisentraut wrote:
> On 18.09.24 22:48, Jacob Champion wrote:
>> > +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed TLSv1.2 ciphers
>> > +#ssl_cipher_suites = '' # allowed TLSv1.3 cipher suites, blank for default
>> After marinating on this a bit... I think the naming may result in
>> some "who's on first" miscommunications in forums and on the list. "I
>> set the SSL ciphers to <whatever>, but it says there are no valid
>> ciphers available!" Should we put TLS 1.3 into the new GUC name
>> somehow?
>
> Yeah, I think just
>
> ssl_ciphers =
> ssl_ciphers_tlsv13 =
>
> would be clear enough. Just using "ciphers" vs. "cipher suites" would not
> be.

Sorry for chiming in so late here, but I was a little surprised to see the
TLS version in the GUC name. ISTM this would require us to create a new
GUC for every new TLS version, or explain that ssl_tls13_ciphers isn't just
for 1.3. Perhaps neither of those things are too terrible, but I felt it
was worth bringing up.

--
nathan
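
Review bot: in the quoted "+#ssl_cipher_suites = ''" line, the comment "blank for default" does not say what list syntax the value takes or what the default resolves to, while the neighbouring "ssl_ciphers" line shows a colon-separated string; suggest stating the expected format in the comment or pointing to the documentation. The "ssl_ciphers" comment, "allowed TLSv1.2 ciphers", also reads as if that setting applied to TLS 1.2 only; if it governs earlier protocol versions as well, the comment should say so.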