pramod kg <pramod11287@gmail.com> writes:
> I have enabled ssl on my PG servers and have set ssl_cipher to "HIGH".
> Still, the security team complains that weak ciphers are accepted at server
> side (They have run some security tests).
The default setting of that is
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
Perhaps the problem is your ill-advised removal of the !aNULL part.
regards, tom lane