Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order

From: Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>
To: Marko Kreen <markokr(at)gmail(dot)com>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH 1/2] SSL: GUC option to prefer server cipher order
Date: 2013-11-29 15:51:28
Message-ID: 5298B800.7030700@vmware.com
Lists: pgsql-hackers

On 11/29/2013 05:43 PM, Marko Kreen wrote:
> On Fri, Nov 29, 2013 at 09:25:02AM -0500, Peter Eisentraut wrote:
>> On Thu, 2013-11-14 at 11:45 +0100, Magnus Hagander wrote:
>>> I think the default behaviour should be the one we recommend (which
>>> would be to have the server one be preferred). But I do agree with the
>>> requirement to have a GUC to be able to remove it
>>
>> Is there a reason why you would want to turn it off?
>
> GUC is there so old behaviour can be restored.
>
> Why would anyone want that, I don't know. In context of PostgreSQL,
> I see no reason to prefer old behaviour.

Imagine that the server is public, and anyone can connect. The server
offers SSL protection not to protect the data in the server, since
that's public anyway, but to protect the communication of the client. In
that situation, it should be the client's choice what encryption to use
(if any). This is analogous to using https on a public website.

I concur that that's pretty far-fetched. Just changing the behavior,
with no GUC, is fine by me.

- Heikki
