| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Florian Pflug <fgp(at)phlo(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Euler Taveira <euler(at)timbira(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Pgsql Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: libpq compression |
| Date: | 2012-06-18 17:42:34 |
| Message-ID: | 20120618174233.GA24681@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jun 17, 2012 at 12:29:53PM -0400, Tom Lane wrote:
> The fly in the ointment with any of these ideas is that the "configure
> list" is not a list of exact cipher names, as per Magnus' comment that
> the current default includes tests like "!aNULL". I am not sure that
> we know how to evaluate such conditions if we are applying an
> after-the-fact check on the selected cipher. Does OpenSSL expose any
> API for evaluating whether a selected cipher meets such a test?
I'm not sure whether there's an API for it, but you can certainly check
manually with "openssl ciphers -v", for example:
$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
...etc...
So unless the openssl includes the code twice there must be a way to
extract the list from the library.
Have a nice ay,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2012-06-18 17:44:37 | Re: Allow WAL information to recover corrupted pg_controldata |
| Previous Message | Jeff Davis | 2012-06-18 17:09:06 | Re: temporal support patch |