Michael Fuhr <[EMAIL PROTECTED]> writes: > Isn't that the wrong test for DH_check's return value?
Yeah, sure looks that way, doesn't it? > If $PGDATA/dh1024.pem exists and if SSL connections are enabled, > then each SSL connection logs the following: > DH_check error (dh1024.pem): No SSL error reported > The backend then loads the hardcoded parameters. The SSL connection > works, but with DH parameters other than intended. So it's not that surprising that no one noticed it was broken :-( regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org