Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results

be-secure.c

  • Peter Eisentraut's avatar
    ef326752
    SSL: Add configuration option to prefer server cipher order · ef326752
    Peter Eisentraut authored
    
    By default, OpenSSL (and SSL/TLS in general) lets the client cipher
    order take priority.  This is OK for browsers where the ciphers were
    tuned, but few PostgreSQL client libraries make the cipher order
    configurable.  So it makes sense to have the cipher order in
    postgresql.conf take priority over client defaults.
    
    This patch adds the setting "ssl_prefer_server_ciphers" that can be
    turned on so that server cipher order is preferred.  Per discussion,
    this now defaults to on.
    
    From: Marko Kreen <markokr@gmail.com>
    Reviewed-by: default avatarAdrian Klaver <adrian.klaver@gmail.com>
    ef326752
    History
    SSL: Add configuration option to prefer server cipher order
    Peter Eisentraut authored
    
    By default, OpenSSL (and SSL/TLS in general) lets the client cipher
    order take priority.  This is OK for browsers where the ciphers were
    tuned, but few PostgreSQL client libraries make the cipher order
    configurable.  So it makes sense to have the cipher order in
    postgresql.conf take priority over client defaults.
    
    This patch adds the setting "ssl_prefer_server_ciphers" that can be
    turned on so that server cipher order is preferred.  Per discussion,
    this now defaults to on.
    
    From: Marko Kreen <markokr@gmail.com>
    Reviewed-by: default avatarAdrian Klaver <adrian.klaver@gmail.com>