committed
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On Sat, Feb 22, 2014 at 08:31:14PM -0500, Peter Eisentraut wrote:
On 2/2/14, 7:16 AM, Marko Kreen wrote:
On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
and also adds documentation about reasoning for it.
On 2/2/14, 7:16 AM, Marko Kreen wrote:
On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
and also adds documentation about reasoning for it.
This is the last pending SSL cleanup related patch:
On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
and also adds documentation about reasoning for it.
This is the last pending SSL cleanup related patch:
On Sun, Dec 15, 2013 at 5:10 PM, James Cloos cl...@jhcloos.com wrote:
For reference, see:
https://wiki.mozilla.org/Security/Server_Side_TLS
for the currently suggested suite for TLS servers.
...
But for pgsql, I'd leave off the !PSK; pre-shared keys may prove useful
for some. And RC4,
On Tue, Dec 17, 2013 at 09:51:30AM -0500, Robert Haas wrote:
On Sun, Dec 15, 2013 at 5:10 PM, James Cloos cl...@jhcloos.com wrote:
For reference, see:
https://wiki.mozilla.org/Security/Server_Side_TLS
for the currently suggested suite for TLS servers.
...
But for pgsql, I'd leave
On 12/17/2013 08:26 AM, Bruce Momjian wrote:
On Tue, Dec 17, 2013 at 09:51:30AM -0500, Robert Haas wrote:
On Sun, Dec 15, 2013 at 5:10 PM, James Cloos cl...@jhcloos.com wrote:
For reference, see:
https://wiki.mozilla.org/Security/Server_Side_TLS
for the currently suggested suite for TLS
On Tue, Dec 17, 2013 at 11:26:13AM -0500, Bruce Momjian wrote:
On Tue, Dec 17, 2013 at 09:51:30AM -0500, Robert Haas wrote:
I'm starting to think we should just leave this well enough alone. We
can't seem to find two people with the same idea of what would be
better than what we have now.
On 18/12/13 05:26, Bruce Momjian wrote:
On Tue, Dec 17, 2013 at 09:51:30AM -0500, Robert Haas wrote:
On Sun, Dec 15, 2013 at 5:10 PM, James Cloos cl...@jhcloos.com wrote:
For reference, see:
https://wiki.mozilla.org/Security/Server_Side_TLS
for the currently suggested suite for TLS
On Sun, Dec 15, 2013 at 05:10:38PM -0500, James Cloos wrote:
MK == Marko Kreen mark...@gmail.com writes:
PE == Peter Eisentraut pete...@gmx.net writes:
PE Any other opinions on this out there?
For reference, see:
https://wiki.mozilla.org/Security/Server_Side_TLS
for the currently
MK == Marko Kreen mark...@gmail.com writes:
PE == Peter Eisentraut pete...@gmx.net writes:
MK Well, we should - the DEFAULT is clearly a client-side default
MK for compatibility only. No server should ever run with it.
PE Any other opinions on this out there?
For reference, see:
On Thu, Dec 12, 2013 at 09:18:03PM -0500, Peter Eisentraut wrote:
On Thu, 2013-12-12 at 12:30 +0200, Marko Kreen wrote:
First, if there is explicit wish to keep RC4/SEED in play, I'm fine
with HIGH:MEDIUM:!aNULL as new default. Clarity-wise, it's still
much better than current value. And
On Wed, Dec 11, 2013 at 10:08:44PM -0500, Tom Lane wrote:
Peter Eisentraut pete...@gmx.net writes:
Any other opinions on this out there? All instances of other
SSL-enabled servers out there, except nginx, default to some variant of
DEFAULT:!LOW:... or HIGH:MEDIUM: The proposal here is
On Thu, Dec 12, 2013 at 11:30 AM, Marko Kreen mark...@gmail.com wrote:
On Wed, Dec 11, 2013 at 10:08:44PM -0500, Tom Lane wrote:
Peter Eisentraut pete...@gmx.net writes:
Any other opinions on this out there? All instances of other
SSL-enabled servers out there, except nginx, default to
On Thu, Dec 12, 2013 at 01:33:57PM +0100, Magnus Hagander wrote:
On Thu, Dec 12, 2013 at 11:30 AM, Marko Kreen mark...@gmail.com wrote:
On Wed, Dec 11, 2013 at 10:08:44PM -0500, Tom Lane wrote:
I know that SChannel SSL library in Windows XP (and earlier) is such
RC4+3DES only
On Thu, 2013-12-12 at 12:30 +0200, Marko Kreen wrote:
First, if there is explicit wish to keep RC4/SEED in play, I'm fine
with HIGH:MEDIUM:!aNULL as new default. Clarity-wise, it's still
much better than current value. And this value will result *exactly*
same list in same order as current
On Fri, 2013-11-29 at 18:43 +0200, Marko Kreen wrote:
Well, we should - the DEFAULT is clearly a client-side default
for compatibility only. No server should ever run with it.
Any other opinions on this out there? All instances of other
SSL-enabled servers out there, except nginx, default to
Peter Eisentraut pete...@gmx.net writes:
Any other opinions on this out there? All instances of other
SSL-enabled servers out there, except nginx, default to some variant of
DEFAULT:!LOW:... or HIGH:MEDIUM: The proposal here is essentially
to disable MEDIUM ciphers by default, which is
On Fri, 2013-11-15 at 01:11 +0200, Marko Kreen wrote:
Attached patch changes the default ciphersuite to
HIGH:!aNULL
instead of old
DEFAULT:!LOW:!EXP:!MD5:@STRENGTH
where DEFAULT is a shortcut for ALL:!aNULL:!eNULL.
Main goal is to leave low-level ciphersuite details to
On Fri, Nov 29, 2013 at 09:18:49AM -0500, Peter Eisentraut wrote:
On Fri, 2013-11-15 at 01:11 +0200, Marko Kreen wrote:
Attached patch changes the default ciphersuite to
HIGH:!aNULL
instead of old
DEFAULT:!LOW:!EXP:!MD5:@STRENGTH
where DEFAULT is a shortcut for
20 matches
Mail list logo