Peter Eisentraut <[EMAIL PROTECTED]> writes:
> In that case I'd expect to edit some central openssl configuration file to 
> turn off the offending methods in one central place.

I concur with this in the abstract: it would be better design to submit
something to the OpenSSL project to allow setting engine choices and
such site-wide.  In the short term, though, it's hard to deny that our

    if (SSL_CTX_set_cipher_list(SSL_context, 

is pretty ad-hoc and looks exactly like the sort of thing someone might
want to adjust.  I'm willing to accept the part of the patch that makes
that string into a GUC variable, until such time as OpenSSL provides a
way to configure itself site-wide so that we can remove this code
entirely.  I'm not eager to accept the other part of the patch.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

Reply via email to