Never mind, I found the answer: http://archives.postgresql.org/pgsql-hackers/2006-08/msg01931.php
Working on the patch now. --------------------------------------------------------------------------- Bruce Momjian wrote: > Victor B. Wagner wrote: > > This patch adds following functionality to PostgreSQL > > > > 1. If PostgreSQL is compiled with OpenSSL version 0.9.7 and above, > > both backend and libpq read site-wide OpenSSL configuration file as > > described in OPENSSL_config functon manual page. > > > > This allows to use hardware crypto acceleration modules (engines) and, > > in future version 0.9.9 would allow to use additional cryptoalgorithms > > (i.e. national standards) which are not included in core OpenSSL. > > > > All other configuration parameters which are supported by OpenSSL > > library also are taken into account. > > > > > > 2. New configuration option "ssl_ciphers" is added to postgresql.conf. > > This option allows to change list of ciphers, acceptable by backend > > during SSL connection. Changing list of ciphers can be desirable to > > tighten or relax security of particular installation, and allows quick > > fix on configuration file level in case if vulnerability is discovered > > in one of cryptoalgorithms or their OpenSSL implementation - cipher > > suites which use such algorithm can be easily disabled. > > Why are you adding "ssl_ciphers" to postgresql.conf? Can't you control > that from the site-wide OpenSSL configuration file added above? > > -- > Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us > EnterpriseDB http://www.enterprisedb.com > > + If your life is a hard drive, Christ can be your backup. + > > ---------------------------(end of broadcast)--------------------------- > TIP 2: Don't 'kill -9' the postmaster -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. + ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org