From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
---|---|
To: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: GnuTLS support |
Date: | 2017-09-08 02:21:15 |
Message-ID: | d6354dcb-96cd-84fc-ca0c-67bbb1cce0df@proxel.se |
Lists: | pgsql-hackers

On 09/07/2017 11:34 PM, Tomas Vondra wrote:
>> I am worried about having 3x version of TLS controls in
>> postgresql.conf, and only one set being active. Perhaps we need to
>> break out the TLS config to separate files or something. Anyway, this
>> needs more thought.
>
> Well, people won't be able to set the inactive options, just like you
> can't set ssl=on when you build without OpenSSL support. But perhaps we
> could simply not include the inactive options into the config file, no?

Yeah, I have been thinking about how bad it would be to dynamically
generate the config file. I think I will try this.

Daniel: What options does Secure Transport need for configuring ciphers,
ECDH, and cipher preference? Does it need any extra options (I think I
saw something about the keychain)?

Andreas