On 2/2/14, 7:16 AM, Marko Kreen wrote: > On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote: >> Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL >> and also adds documentation about reasoning for it. > > This is the last pending SSL cleanup related patch: > > https://commitfest.postgresql.org/action/patch_view?id=1310 > > Peter, you have claimed it as committer, do you see any remaining > issues with it?
I'm OK with this change on the principle of clarifying and refining the existing default. But after inspecting the expanded cipher list with the "openssl cipher" tool, I noticed that the new default re-enabled MD5 ciphers. Was that intentional? -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers