On Wed, Jan 2, 2013 at 3:17 PM, Magnus Hagander wrote:
> On Wed, Jan 2, 2013 at 3:15 PM, Noah Misch wrote:
>> On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
>>> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
>>> > So +1 for changing it to "DEFAULT" from me, too. There's no re
On Wed, Jan 2, 2013 at 10:03 AM, Magnus Hagander wrote:
> Finally we deny MD5 - I have no idea why we do that.
Because it's broken, same motivation as in the thread for implementing
ZK authentication.
Also, I seem to have missed something because the thread subject
mentions compression whereas I
On Wed, Jan 2, 2013 at 3:15 PM, Noah Misch wrote:
> On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
>> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
>> > So +1 for changing it to "DEFAULT" from me, too. There's no reason to
>> > think we know more about this than the OpenSSL a
On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
> > So +1 for changing it to "DEFAULT" from me, too. There's no reason to
> > think we know more about this than the OpenSSL authors.
>
> The DEFAULT value in OpenSSL 1.0 means "ALL
On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
>
> Noah Misch writes:
> > On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
> >> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
> >>> Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it
> >>> is 'ALL:!AD
Noah Misch writes:
> On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
>> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
>>> Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it
>>> is 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'.
>> Did we ever get anywhere wit
On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
> > On Sun, Jun 17, 2012 at 11:45:54PM +0800, Magnus Hagander wrote:
> > > Uh. We have the ! notation in our default *now*. What openssl also
> > > supports is the text "DEFAUL
On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
> On Sun, Jun 17, 2012 at 11:45:54PM +0800, Magnus Hagander wrote:
> > On Sun, Jun 17, 2012 at 11:42 PM, Tom Lane wrote:
> > > Magnus Hagander writes:
> > >> Is there a reason why we don't have a parameter on the client
> > >> mirroring ssl