| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | tushar <tushar(dot)ahuja(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL Connection still showing TLSv1.3 even it is disabled in ssl_ciphers |
| Date: | 2019-08-05 14:11:12 |
| Message-ID: | 12204.1565014272@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
tushar <tushar(dot)ahuja(at)enterprisedb(dot)com> writes:
> when i connect to psql terminal -
> psql.bin (10.9)
> SSL connection (protocol: TLSv1.3, cipher: *TLS_AES_256_GCM_SHA384*,
> bits: 256, compression: off)
> Type "help" for help.
> postgres=# show ssl_ciphers ;
> ssl_ciphers
> ----------------------------------------------
> TLSv1.2:!aNULL:!SSLv2:!SSLv3:!TLSv1:!TLSv1.3
> (1 row)
My guess is that OpenSSL ignored your ssl_ciphers setting on the
grounds that it's stupid to reject all possible ciphers.
In any case, this would be something to raise with them not us.
PG does nothing with that value except pass it to SSL_CTX_set_cipher_list.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2019-08-05 14:21:39 | Re: [PATCH] Stop ALTER SYSTEM from making bad assumptions |
| Previous Message | Alvaro Herrera | 2019-08-05 14:07:06 | Re: Problem with default partition pruning |