Re: [HACKERS] libpq connection strings: control over the cipher suites?

Joe Conway Thu, 09 Nov 2017 09:54:01 -0800

On 11/09/2017 03:27 AM, Graham Leggett wrote:
> Is there a parameter or mechanism for setting the required ssl cipher list 
> from the client side?


I don't believe so. That is controlled by ssl_ciphers, which requires a
restart in order to change.

https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS

select name,setting,context from pg_settings where name like '%ssl%';
           name            |         setting          |  context
---------------------------+--------------------------+------------
 ssl                       | off                      | postmaster
 ssl_ca_file               |                          | postmaster
 ssl_cert_file             | server.crt               | postmaster
 ssl_ciphers               | HIGH:MEDIUM:+3DES:!aNULL | postmaster
 ssl_crl_file              |                          | postmaster
 ssl_ecdh_curve            | prime256v1               | postmaster
 ssl_key_file              | server.key               | postmaster
 ssl_prefer_server_ciphers | on                       | postmaster
(8 rows)

HTH,

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

signature.asc
Description: OpenPGP digital signature

Re: [HACKERS] libpq connection strings: control over the cipher suites?

Reply via email to