Re:Re: Add support to TLS 1.3 cipher suites and curves lists

Поиск
Список
Период
Сортировка
От Erica Zhang
Тема Re:Re: Add support to TLS 1.3 cipher suites and curves lists
Дата
Msg-id tencent_F551A28C9CFA3CE8E278FD23E22F261EE607@qq.com
обсуждение исходный текст
Ответ на Add support to TLS 1.3 cipher suites and curves lists  ("Erica Zhang" <ericazhangy2021@qq.com>)
Ответы Re: Re: Add support to TLS 1.3 cipher suites and curves lists
Re: Re: Add support to TLS 1.3 cipher suites and curves lists
Список pgsql-hackers
Дерево обсуждения

Hi Peter,
Thanks a lot for the quick response. We are using Postgres instance in our product. For some security consideration, we prefer to use TLS1.3 cipher suites in our product with some customization values instead of default value "HIGH:MEDIUM:+3DES:!aNULL". Moreover we prefer to set a group of ecdh keys instead of a single value.

I see the https://commitfest.postgresql.org/48/ is still open, could it be possible to target for PG17? As I know PG17 is going to be release this year so that we can upgrade our instances to this new version accodingly.

Original Email

Sender:"Peter Eisentraut"< peter@eisentraut.org >;

Sent Time:2024/6/7 16:55

To:"Erica Zhang"< ericazhangy2021@qq.com >;"pgsql-hackers"< pgsql-hackers@lists.postgresql.org >;

Subject:Re: Add support to TLS 1.3 cipher suites and curves lists


On 07.06.24 08:10, Erica Zhang wrote:
> I’m a Postgres user and I’m looking into restricting the set of allowed
> ciphers on Postgres and configure a concrete set of curves on our
> postgres instances.

Out of curiosity, why is this needed in practice?

> Could you please help to review to see if you are interested in having
> this change in upcoming Postgres major release(It's should be PG17)?

It would be targetting PG18 now.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Richard Guo
Дата:
Сообщение: Re: Reordering DISTINCT keys to match input path's pathkeys
Следующее
От: Dean Rasheed
Дата:
Сообщение: Re: Proposal to include --exclude-extension Flag in pg_dump