| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Euler Taveira <euler(at)timbira(dot)com>, Florian Pflug <fgp(at)phlo(dot)org>, Pgsql Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: default SSL compression (was: libpq compression) |
| Date: | 2013-01-01 19:00:55 |
| Message-ID: | 20130101190055.GA30438@tornado.leadboat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > On Sun, Jun 17, 2012 at 11:45:54PM +0800, Magnus Hagander wrote:
> > > Uh. We have the ! notation in our default *now*. What openssl also
> > > supports is the text "DEFAULT", which is currently the equivalent of
> > > "ALL!aNULL!eNULL". The question, which is valid of course, should be
> > > if "DEFAULT" works with all openssl versions.
> > >
> > > It would seem reasonable it does, but I haven't investigated.
The oldest version readily available for download (0.9.1c, 1998) has it.
> > Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it
> > is 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'.
> >
> Did we ever get anywhere with this? Is this a change we want to do for 9.3?
> Since nobody seems to have come up with a motivation for not following the
> openssl default, we probably should?
+1 for doing that. I'm not aware of a PostgreSQL-specific selection criterion
for SSL cipher suites.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2013-01-01 23:48:03 | Re: dynamic SQL - possible performance regression in 9.2 |
| Previous Message | Boszormenyi Zoltan | 2013-01-01 18:26:14 | Re: [PATCH] Make pg_basebackup configure and start standby [Review] |