Magnus Hagander <> writes:
> Is there a reason why we don't have a parameter on the client
> mirroring ssl_ciphers?

Dunno, do we need one?  I am not sure what the cipher negotiation process
looks like or which side has the freedom to choose.

> That, or just have DEFAULT as being the default (which in current
> openssl means ALL:!aNULL:!eNULL.

If our default isn't the same as the underlying default, I have to
question why not.  But are you sure this "!" notation will work with
all openssl versions?

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to