On Wed, Nov 06, 2013 at 09:57:32PM -0300, Alvaro Herrera wrote: > Marko Kreen escribió: > > > By default OpenSSL (and SSL/TLS in general) lets client cipher > > order take priority. This is OK for browsers where the ciphers > > were tuned, but few Postgres client libraries make cipher order > > configurable. So it makes sense to make cipher order in > > postgresql.conf take priority over client defaults. > > > > This patch adds setting 'ssl_prefer_server_ciphers' which can be > > turned on so that server cipher order is preferred. > > Wouldn't it make more sense to have this enabled by default?
Well, yes. :) I would even drop the GUC setting, but hypothetically there could be some sort of backwards compatiblity concerns, so I added it to patch and kept old default. But if noone has strong need for it, the setting can be removed. -- marko -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
