On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote: > On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian <br...@momjian.us> wrote: > > On Sun, Jun 17, 2012 at 11:45:54PM +0800, Magnus Hagander wrote: > > > Uh. We have the ! notation in our default *now*. What openssl also > > > supports is the text "DEFAULT", which is currently the equivalent of > > > "ALL!aNULL!eNULL". The question, which is valid of course, should be > > > if "DEFAULT" works with all openssl versions. > > > > > > It would seem reasonable it does, but I haven't investigated.
The oldest version readily available for download (0.9.1c, 1998) has it. > > Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it > > is 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'. > > > Did we ever get anywhere with this? Is this a change we want to do for 9.3? > Since nobody seems to have come up with a motivation for not following the > openssl default, we probably should? +1 for doing that. I'm not aware of a PostgreSQL-specific selection criterion for SSL cipher suites. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
