Dag-Erling Smørgrav <d...@des.no> writes: > Alex Shulgin <a...@commandprompt.com> writes: >> * The patch works as advertised, though the only way to verify that >> connections made with the protocol disabled by the GUC are indeed >> rejected is to edit fe-secure-openssl.c to only allow specific TLS >> versions. Adding configuration on the libpq side as suggested in the >> original discussion might help here. > > I can easily do that, but I won't have time until next week or so.
I can do that too, just need a hint where to look at in libpq/psql to add the option. For SSL we have sslmode and sslcompression, etc. in conninfo, so adding sslprotocols seems to be an option. As an aside note: should we also expose a parameter to choose SSL ciphers (would be a separate patch)? -- Alex -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
