Marko Kreen escribió: > By default OpenSSL (and SSL/TLS in general) lets client cipher > order take priority. This is OK for browsers where the ciphers > were tuned, but few Postgres client libraries make cipher order > configurable. So it makes sense to make cipher order in > postgresql.conf take priority over client defaults. > > This patch adds setting 'ssl_prefer_server_ciphers' which can be > turned on so that server cipher order is preferred.
Wouldn't it make more sense to have this enabled by default? -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers