Magnus Hagander <mag...@hagander.net> writes: > Is there a reason why we don't have a parameter on the client > mirroring ssl_ciphers?
Dunno, do we need one? I am not sure what the cipher negotiation process looks like or which side has the freedom to choose. > That, or just have DEFAULT as being the default (which in current > openssl means ALL:!aNULL:!eNULL. If our default isn't the same as the underlying default, I have to question why not. But are you sure this "!" notation will work with all openssl versions? regards, tom lane -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers