Marko Kreen escribió:
> By default OpenSSL (and SSL/TLS in general) lets client cipher
> order take priority. This is OK for browsers where the ciphers
> were tuned, but few Postgres client libraries make cipher order
> configurable. So it makes sense to make cipher order in
> postgresql.conf take priority over client defaults.
> This patch adds setting 'ssl_prefer_server_ciphers' which can be
> turned on so that server cipher order is preferred.
Wouldn't it make more sense to have this enabled by default?
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: