On 1/17/18 14:05, Tom Lane wrote:
> Although these corner cases are starting to make me feel like changing
> my original vote. Maybe we should forget the prefixes, in particular
> renaming gnutls_priorities to ssl_priorities, and just accept the need
> to document some parameters as only relevant to some implementations.

We could go the route of normalizing all implementation-specific settings to some set of atomic concepts and create separate settings for those, and then map them back to the actual APIs in code. So we could take ssl_ciphers, ssl_prefer_server_ciphers, ssl_ecdh_curve and assemble internally something that we can pass to gnutls_priority_init().

But I think it would be more helpful in practice if the naming of the implementation-specific settings matched something you can look up in the documentation of that implementation. "GnuTLS priority string" is easy to look up and well documented. If instead we chop it up into something that is more like the OpenSSL settings, I think we are not helping anyone.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services