Hi, On 5 March 2015 at 19:58, Christoph Berg <[email protected]> wrote: >> That's an excellent thought.. I wasn't aware of this. Unfortunately, >> I'm not sure that we could make it the default in Debian as it requires >> server-side certificates be configured and used properly (correct?) but >> I don't see a reason to not support it and encourage its use.
TLS-SRP verifies both client and server. > We have the autogenerated snakeoil certificates that we use anyway. > If these aren't good (why?), we could put more automation in there and > generate proper certificates. That's probably more of a > distribution-wide topic and not just PostgreSQL, though. The snake-oil certificate could certainly be improved with a more useful framework for creating and submitting CSRs and monitoring for renewal/expiry. Certutil(?) from FreeIPA does this. Regards, Michael _______________________________________________ Pkg-postgresql-public mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
