Tom Lane <t...@sss.pgh.pa.us> writes: > Anyone who is feeling paranoid about shutting off SSLv3 despite (1) > can do so via the existing ssl_ciphers GUC parameter [...] the ciphers > string includes categories corresponding to protocol versions, so you > can shut off an old protocol version there if you need to.
The overlap between SSL 3.0 and TLS 1.0 is 100%: % openssl ciphers SSLv2 | md5 fe5ff23432f119364a1126ca0776c5db % openssl ciphers SSLv3 | md5 bde4e4a10b9c3f323c0632ad067e293a % openssl ciphers TLSv1 | md5 bde4e4a10b9c3f323c0632ad067e293a % openssl ciphers TLSv1.2 | md5 26c375b6bdefb018b9dd7df463658320 Thus, if you disable all SSL 3.0 ciphers, you also disable TLS 1.0. DES -- Dag-Erling Smørgrav - d...@des.no -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
