| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Marko Kreen <markokr(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Postgres Hackers List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL: better default ciphersuite |
| Date: | 2014-02-23 01:31:14 |
| Message-ID: | 53094F62.4010308@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2/2/14, 7:16 AM, Marko Kreen wrote:
> On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
>> Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
>> and also adds documentation about reasoning for it.
>
> This is the last pending SSL cleanup related patch:
>
> https://commitfest.postgresql.org/action/patch_view?id=1310
>
> Peter, you have claimed it as committer, do you see any remaining
> issues with it?
I'm OK with this change on the principle of clarifying and refining the
existing default. But after inspecting the expanded cipher list with
the "openssl cipher" tool, I noticed that the new default re-enabled MD5
ciphers. Was that intentional?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mohsen SM | 2014-02-23 04:20:08 | typemode for variable types |
| Previous Message | Peter Eisentraut | 2014-02-23 00:53:22 | Re: Review: tests for client programs |