On 1/17/18 13:18, Tom Lane wrote: >> The proposed GnuTLS patch does make use of ssl_dh_params_file. > > Right, but what happens if say macTLS doesn't?
The previously proposed patch for that also makes use of ssl_dh_params_file. So while we can't guarantee that this will be the case for all TLS implementations ever, this is a pretty good indicator to me that it is an implementation-independent concept. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
