On Tue, Sep 05, 2006 at 10:17:15AM +0400, Victor Wagner wrote:
> It's a pity that it's to late for patch to get into 8.2.
> It means that during all 8.2 lifecycle we'll have to maintain this patch
> separately.
Hmm? After 8.2 releases, if it's ready, it will go straight into CVS at
which point it'
On 2006.09.04 at 15:46:03 -0400, Bruce Momjian wrote:
> Tom Lane wrote:
> > Bruce Momjian <[EMAIL PROTECTED]> writes:
> > > This has been saved for the 8.3 release:
> > > http://momjian.postgresql.org/cgi-bin/pgpatches_hold
> >
> > This version was withdrawn by the author for rework, no?
>
> R
Victor Wagner wrote:
> On 2006.09.04 at 15:46:03 -0400, Bruce Momjian wrote:
>
> > Tom Lane wrote:
> > > Bruce Momjian <[EMAIL PROTECTED]> writes:
> > > > This has been saved for the 8.3 release:
> > > > http://momjian.postgresql.org/cgi-bin/pgpatches_hold
> > >
> > > This version was wit
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > This has been saved for the 8.3 release:
> > http://momjian.postgresql.org/cgi-bin/pgpatches_hold
>
> This version was withdrawn by the author for rework, no?
Right, and the thread in patches_hold shows that. The reason it is in
Bruce Momjian <[EMAIL PROTECTED]> writes:
> This has been saved for the 8.3 release:
> http://momjian.postgresql.org/cgi-bin/pgpatches_hold
This version was withdrawn by the author for rework, no?
regards, tom lane
---(end of broadcast)--
On Thu, Aug 31, 2006 at 12:11:46 +0400,
"Victor B. Wagner" <[EMAIL PROTECTED]> wrote:
>
> It contains !MD5 element, because MD5 digest algorithm was broken about
> year ago, and PostgreSQL expected to work with versions of OpenSSL which
> still consider it strong.
MD5 wasn't completely broken a
On 2006.08.31 at 14:36:28 -0400, Tom Lane wrote:
>
> I concur with this in the abstract: it would be better design to submit
> something to the OpenSSL project to allow setting engine choices and
> such site-wide. In the short term, though, it's hard to deny that our
> code
>
> if (SSL_CTX_
Peter Eisentraut <[EMAIL PROTECTED]> writes:
> In that case I'd expect to edit some central openssl configuration file to
> turn off the offending methods in one central place.
I concur with this in the abstract: it would be better design to submit
something to the OpenSSL project to allow settin
On 2006.08.31 at 10:34:02 +0200, Peter Eisentraut wrote:
> Am Donnerstag, 31. August 2006 11:29 schrieb Stefan Kaltenbrunner:
> > this is btw. something that is available in most daemons utilizing
> > openssl - one can disable weak ciphers (which might not even be known as
> > weak at the time the
Am Donnerstag, 31. August 2006 11:29 schrieb Stefan Kaltenbrunner:
> this is btw. something that is available in most daemons utilizing
> openssl - one can disable weak ciphers (which might not even be known as
> weak at the time the defaults where set) or ciphers not authorized for
> certain usage
On 2006.08.31 at 08:52:08 +0100, Gregory Stark wrote:
>
> "Victor B. Wagner" <[EMAIL PROTECTED]> writes:
>
> > One example which can be tested with stock OpenSSL without national
> > cryptography modules is - usage of NULL ciphers. They are not enabled by
> > default, but use of them provides cr
"Victor B. Wagner" <[EMAIL PROTECTED]> writes:
> One example which can be tested with stock OpenSSL without national
> cryptography modules is - usage of NULL ciphers. They are not enabled by
> default, but use of them provides cryptographically strong
> authentication with client certificates an
Peter Eisentraut wrote:
Victor B. Wagner wrote:
First one is useful if for some reason some ciphers supported by
OpenSSL is not permitted to use in the particular network, or if
there is need to use ciphersuites which are not included into default
ciphersuite list, now compiled into PostgreSQL.
On 2006.08.31 at 00:09:56 +0200, Peter Eisentraut wrote:
> Victor B. Wagner wrote:
> > First one is useful if for some reason some ciphers supported by
> > OpenSSL is not permitted to use in the particular network, or if
> > there is need to use ciphersuites which are not included into default
> >
Victor B. Wagner wrote:
> First one is useful if for some reason some ciphers supported by
> OpenSSL is not permitted to use in the particular network, or if
> there is need to use ciphersuites which are not included into default
> ciphersuite list, now compiled into PostgreSQL.
Do you have specif
Tom Lane wrote:
"Victor B. Wagner" <[EMAIL PROTECTED]> writes:
This patch adds two new configuration diretives to postgresql.conf file
1. ssl_ciphers - allows server administrator to specify set of SSL
ciphersuites which can be used by clients to connect the server.
2. ssl_engine - allows
"Victor B. Wagner" <[EMAIL PROTECTED]> writes:
> This patch adds two new configuration diretives to postgresql.conf file
> 1. ssl_ciphers - allows server administrator to specify set of SSL
> ciphersuites which can be used by clients to connect the server.
> 2. ssl_engine - allows to specify lo
17 matches
Mail list logo