On Tue, Dec 17, 2013 at 09:51:30AM -0500, Robert Haas wrote: > On Sun, Dec 15, 2013 at 5:10 PM, James Cloos <cl...@jhcloos.com> wrote: > > For reference, see: > > > > https://wiki.mozilla.org/Security/Server_Side_TLS > > > > for the currently suggested suite for TLS servers. > ... > > But for pgsql, I'd leave off the !PSK; pre-shared keys may prove useful > > for some. And RC4, perhaps, also should be !ed. > > > > And if anyone wants Kerberos tls-authentication, one could add > > KRB5-DES-CBC3-SHA, but that is ssl3-only. > > > > Once salsa20-poly1305 lands in openssl, that should be added to the > > start of the list. > > I'm starting to think we should just leave this well enough alone. We > can't seem to find two people with the same idea of what would be > better than what we have now. And of course the point of making it a > setting in the first place is that each person can set it to whatever > they deem best.
Yes, I am seeing that too. Can we agree on one that is _better_ than what we have now, even if we can't agree on a _best_ one? -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers