Florian Pflug <f...@phlo.org> writes: > I wonder though if shouldn't restrict the allowed ciphers list to being > a simple list of supported ciphers. If our goal is to support multiple > SSL libraries transparently then surely having openssl-specific syntax > in the config file isn't exactly great anyway...
No, we don't want to go there, because then we'd have to worry about keeping the default list in sync with what's supported by the particular version of the particular library we chance to be using. That's about as far from transparent as you can get. A notation like "DEFAULT" is really quite ideal for our purposes in that respect. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers