| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Graham Leggett <minfrin(at)sharp(dot)fm>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: libpq connection strings: control over the cipher suites? |
| Date: | 2017-11-09 17:53:17 |
| Message-ID: | 16ac3573-1c73-3336-ae63-9adc3c5f033c@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/09/2017 03:27 AM, Graham Leggett wrote:
> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
I don't believe so. That is controlled by ssl_ciphers, which requires a
restart in order to change.
https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS
select name,setting,context from pg_settings where name like '%ssl%';
name | setting | context
---------------------------+--------------------------+------------
ssl | off | postmaster
ssl_ca_file | | postmaster
ssl_cert_file | server.crt | postmaster
ssl_ciphers | HIGH:MEDIUM:+3DES:!aNULL | postmaster
ssl_crl_file | | postmaster
ssl_ecdh_curve | prime256v1 | postmaster
ssl_key_file | server.key | postmaster
ssl_prefer_server_ciphers | on | postmaster
(8 rows)
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-11-09 17:55:30 | Re: pageinspect option to forgo buffer locking? |
| Previous Message | Peter Geoghegan | 2017-11-09 17:51:25 | Re: pageinspect option to forgo buffer locking? |