| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Graham Leggett <minfrin(at)sharp(dot)fm>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: libpq connection strings: control over the cipher suites? |
| Date: | 2017-11-09 23:17:11 |
| Message-ID: | CAB7nPqS0Z36nEc0qqgC8JWdUDQew5fR05QaLvx9yWNteKdGb1Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Nov 10, 2017 at 2:53 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 11/09/2017 03:27 AM, Graham Leggett wrote:
>> Is there a parameter or mechanism for setting the required ssl cipher list from the client side?
>
> I don't believe so. That is controlled by ssl_ciphers, which requires a
> restart in order to change.
>
> https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS
Since commit de41869 present in v10, SSL parameters can be reloaded.
On libpq there is only an API to have a look at what are the ciphers
set by the server via PQsslAttribute().
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-11-09 23:18:42 | Re: Simplify ACL handling for large objects and removal of superuser() checks |
| Previous Message | Michael Paquier | 2017-11-09 23:11:33 | Re: Simplify ACL handling for large objects and removal of superuser() checks |