CVSROOT: /cvsroot
Module name: pgsql
Changes by: momjian(at)postgresql(dot)org 02/06/14 00:31:49
Modified files:
src/backend/libpq: be-secure.c
src/interfaces/libpq: fe-secure.c
Log message:
SSL support for ephemeral DH keys.
As the comment headers in be-secure.c discusses, EPH preserves
confidentiality even if the static private key (which is usually
kept unencrypted) is compromised.
Because of the value of this, common default values are hard-coded
to protect the confidentiality of the data even if an attacker
successfully deletes or modifies the external file.
Bear Giles