On 11/09/2017 03:27 AM, Graham Leggett wrote: > Is there a parameter or mechanism for setting the required ssl cipher list > from the client side?
I don't believe so. That is controlled by ssl_ciphers, which requires a restart in order to change. https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS select name,setting,context from pg_settings where name like '%ssl%'; name | setting | context ---------------------------+--------------------------+------------ ssl | off | postmaster ssl_ca_file | | postmaster ssl_cert_file | server.crt | postmaster ssl_ciphers | HIGH:MEDIUM:+3DES:!aNULL | postmaster ssl_crl_file | | postmaster ssl_ecdh_curve | prime256v1 | postmaster ssl_key_file | server.key | postmaster ssl_prefer_server_ciphers | on | postmaster (8 rows) HTH, Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
signature.asc
Description: OpenPGP digital signature