Magnus Hagander <mag...@hagander.net> writes:
> Is there a reason why we don't have a parameter on the client
> mirroring ssl_ciphers?
Dunno, do we need one? I am not sure what the cipher negotiation process
looks like or which side has the freedom to choose.
> That, or just have DEFAULT as being the default (which in current
> openssl means ALL:!aNULL:!eNULL.
If our default isn't the same as the underlying default, I have to
question why not. But are you sure this "!" notation will work with
all openssl versions?
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
