| From: | Dag-Erling Smørgrav <des(at)des(dot)no> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] add ssl_protocols configuration option |
| Date: | 2014-10-22 13:12:19 |
| Message-ID: | 86d29kdz9o.fsf@nine.des.no |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> This looks to me like re-fighting the last war. Such a GUC has zero value
> *unless* some situation exactly like the POODLE bug comes up again, and
> the odds of that are not high.
Many people would have said the exact same thing before POODLE, and
BEAST, and CRIME, and Heartbleed. You never know what sort of bugs or
weaknesses will show up or when; all you know is that there are a lot of
people working very hard to find these things and exploit them, and that
they *will* succeeded, again and again and again. You can gamble that
PostgreSQL will not be vulnerable due to specific details of its
protocol or how it uses TLS, but that's a gamble which you will
eventually lose.
> Moreover, the GUC could easily be misused to decrease rather than increase
> one's security, if it's carelessly set.
That's the user's responsibility.
DES
--
Dag-Erling Smørgrav - des(at)des(dot)no
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dag-Erling Smørgrav | 2014-10-22 13:14:26 | Re: [PATCH] add ssl_protocols configuration option |
| Previous Message | Heikki Linnakangas | 2014-10-22 13:02:50 | Re: Obsolete reference to _bt_tuplecompare() within tuplesort.c |