diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 91a601559f0221a9d4cc930272416fc90d93d88f..cf11306f6cba5e8e3fdd7cae89ed00a3afa5fa87 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -889,12 +889,71 @@ include 'filename'
</indexterm>
<listitem>
<para>
- Specifies a list of <acronym>SSL</> ciphers that are allowed to be
+ Specifies a list of <acronym>SSL</> cipher suites that are allowed to be
used on secure connections. See
the <citerefentry><refentrytitle>ciphers</></citerefentry> manual page
in the <application>OpenSSL</> package for the syntax of this setting
- and a list of supported values. The default value is usually
- reasonable, unless you have specific security requirements.
+ and a list of supported values. The default value is
+ <literal>HIGH:MEDIUM:+3DES:!aNULL</>. It is usually reasonable,
+ unless you have specific security requirements.
+ </para>
+
+ <para>
+ Explanation of the default value:
+ <variablelist>
+ <varlistentry>
+ <term><literal>HIGH</literal></term>
+ <listitem>
+ <para>
+ Cipher suites that use ciphers from <literal>HIGH</> group (e.g.,
+ AES, Camellia, 3DES)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>MEDIUM</literal></term>
+ <listitem>
+ <para>
+ Cipher suites that use ciphers from <literal>MEDIUM</> group
+ (e.g., RC4, SEED)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>+3DES</literal></term>
+ <listitem>
+ <para>
+ The OpenSSL default order for <literal>HIGH</> is problematic
+ because it orders 3DES higher than AES128. This is wrong because
+ 3DES offers less security than AES128, and it is also much
+ slower. <literal>+3DES</> reorders it after all other
+ <literal>HIGH</> and <literal>MEDIUM</> ciphers.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>!aNULL</literal></term>
+ <listitem>
+ <para>
+ Disables anonymous cipher suites that do no authentication. Such
+ cipher suites are vulnerable to man-in-the-middle attacks and
+ therefore should not be used.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+
+ <para>
+ Available cipher suite details will vary across OpenSSL versions. Use
+ the command
+ <literal>openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL'</literal> to
+ see actual details for the currently installed <application>OpenSSL</>
+ version. Note that this list is filtered at run time based on the
+ server key type.
</para>
</listitem>
</varlistentry>
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index aa5a8757fa30322c0a9f8aeb35c4001d7b427d6b..b27cb89a289a559e0a553eff40d45d98f8e7c15e 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -3237,7 +3237,7 @@ static struct config_string ConfigureNamesString[] =
},
&SSLCipherSuites,
#ifdef USE_SSL
- "DEFAULT:!LOW:!EXP:!MD5:@STRENGTH",
+ "HIGH:MEDIUM:+3DES:!aNULL",
#else
"none",
#endif
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 07341e72a437237d9e26cb3cb0c81d97151fda12..ce56059ceb294b78acae4d5e0c5ede36486002bf 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -79,7 +79,7 @@
#authentication_timeout = 1min # 1s-600s
#ssl = off # (change requires restart)
-#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
# (change requires restart)
#ssl_prefer_server_ciphers = on # (change requires restart)
#ssl_ecdh_curve = 'prime256v1' # (change requires restart)