Skip site navigation (1) Skip section navigation (2)

Re: [PATCHES] Backend SSL configuration enhancement

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org, "Victor B(dot) Wagner" <vitus(at)cryptocom(dot)ru>
Subject: Re: [PATCHES] Backend SSL configuration enhancement
Date: 2006-08-30 22:09:56
Message-ID: 200608310009.57481.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Victor B. Wagner wrote:
> First one is useful if for some reason some ciphers supported by
> OpenSSL is not permitted to use in the particular network, or if
> there is need to use ciphersuites which are not included into default
> ciphersuite list, now compiled into PostgreSQL.

Do you have specific examples where that might be the case?

> Second one can be used for taking cryptography load from server into
> special hardware chip, which can be useful for loaded servers.
> Also, upcoming OpenSSL 0.9.9 allows to add entirely new cryptographic
> algorithms via engines, so engine support allows to use algorithms,

ISTM that that should be in a system-wide OpenSSL configuration, not to 
be hacked into each SSL-using application separately.  Is that 
possible?

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2006-08-30 22:28:06
Subject: Re: Coding style for emacs
Previous:From: David FetterDate: 2006-08-30 22:05:24
Subject: Re: Coding style for emacs

pgsql-patches by date

Next:From: Andrew DunstanDate: 2006-08-30 22:28:06
Subject: Re: Coding style for emacs
Previous:From: David FetterDate: 2006-08-30 22:05:24
Subject: Re: Coding style for emacs

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group