Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-17 Thread Magnus Hagander
On Wed, Jan 2, 2013 at 3:17 PM, Magnus Hagander wrote:
> On Wed, Jan 2, 2013 at 3:15 PM, Noah Misch wrote:
>> On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
>>> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
>>> > So +1 for changing it to "DEFAULT" from me, too. There's no re

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-02 Thread Claudio Freire
On Wed, Jan 2, 2013 at 10:03 AM, Magnus Hagander wrote:
> Finally we deny MD5 - I have no idea why we do that.

Because it's broken, same motivation as in the thread for implementing ZK authentication. Also, I seem to have missed something because the thread subject mentions compression whereas I

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-02 Thread Magnus Hagander
On Wed, Jan 2, 2013 at 3:15 PM, Noah Misch wrote:
> On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
>> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
>> > So +1 for changing it to "DEFAULT" from me, too. There's no reason to
>> > think we know more about this than the OpenSSL a

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-02 Thread Noah Misch
On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
> > So +1 for changing it to "DEFAULT" from me, too. There's no reason to
> > think we know more about this than the OpenSSL authors.
>
> The DEFAULT value in OpenSSL 1.0 means "ALL

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-02 Thread Magnus Hagander
On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane wrote:
>
> Noah Misch writes:
> > On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
> >> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
> >>> Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it
> >>> is 'ALL:!AD

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-01 Thread Tom Lane
Noah Misch writes:
> On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
>> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
>>> Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it
>>> is 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'.
>> Did we ever get anywhere wit

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-01 Thread Noah Misch
On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
> > On Sun, Jun 17, 2012 at 11:45:54PM +0800, Magnus Hagander wrote:
> > > Uh. We have the ! notation in our default *now*. What openssl also
> > > supports is the text "DEFAUL

Re: [HACKERS] default SSL compression (was: libpq compression)

2013-01-01 Thread Magnus Hagander
On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian wrote:
> On Sun, Jun 17, 2012 at 11:45:54PM +0800, Magnus Hagander wrote:
> > On Sun, Jun 17, 2012 at 11:42 PM, Tom Lane wrote:
> > > Magnus Hagander writes:
> > >> Is there a reason why we don't have a parameter on the client
> > >> mirroring ssl