On 09/07/2017 11:34 PM, Tomas Vondra wrote:
>> I am worried about having 3x version of TLS controls in
>> postgresql.conf, and only one set being active. Perhaps we need to
>> break out the TLS config to separate files or something. Anyway, this
>> needs more thought.
>
> Well, people won't be able to set the inactive options, just like you
> can't set ssl=on when you build without OpenSSL support. But perhaps we
> could simply not include the inactive options into the config file, no?

Yeah, I have been thinking about how bad it would be to dynamically
generate the config file. I think I will try this.

Daniel: What options does Secure Transport need for configuring ciphers,
ECDH, and cipher preference? Does it need any extra options (I think I
saw something about the keychain)?

Andreas