Thanks. If OpenSSL apply any patches at OS level, Is there any changes/maintenance we need to perform at PostgreSQL end?
On Thu, Nov 9, 2017 at 5:46 PM, Joe Conway <m...@joeconway.com> wrote: > On 11/09/2017 01:59 PM, chiru r wrote: > > I am using PostgreSQL version *9.5.7* on Red hat enterprise Linux *7.2.* > > > > *OpenSSL version : * OpenSSL 1.0.1e-fips 11 Feb 2013. > > > > I have a requirement to enable the SSL in my environment with specific > > cipher suites,we want to restrict weak cipher suites from open SSL > > default list. > > > > We have list of cipher suites, which are authorized to use in my > > environment.So the Client Applications use one of authorized cipher > > suites while configuring application server. > > > > Is it require to install different version of OpenSSL software instead > > of default OpenSSL on Linux ?. > > Note -- please don't cross post to hackers as it is off topic for that > list and cross posting is generally frowned upon (pgsql-hackers removed). > > Assuming you mean that you need only FIPS 140-2 compliant ciphers, you > would want to configure the OS for system-wide FIPS compliance. See: > > https://access.redhat.com/documentation/en-us/red_hat_ > enterprise_linux/7/html/security_guide/chap-federal_ > standards_and_regulations > > > > How to configure the PostgreSQL to allow specif cipher suites from > > different client applications? > > > If you still need more control over what Postgres allows, see the > ssl_ciphers configuration setting here: > > https://www.postgresql.org/docs/current/static/runtime- > config-connection.html#GUC-SSL > > HTH, > > Joe > > -- > Crunchy Data - http://crunchydata.com > PostgreSQL Support for Secure Enterprises > Consulting, Training, & Open Source Development > >
