Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes: > On 2/7/17 11:21 AM, Tom Lane wrote: >> A compromise that might be worth considering is to introduce >> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL" >> into pg_config_manual.h, which would at least give you a reasonably >> stable target point for a long-lived patch.
> You'd still need to patch postgresql.conf.sample somehow. Right. The compromise position that I had in mind was to add the #define in pg_config_manual.h and teach initdb to propagate it into the installed copy of postgresql.conf, as we've done with other GUCs with platform-dependent defaults, such as backend_flush_after. That still leaves the question of what to do with the SGML docs. We could add some weasel wording to the effect that the default might be platform-specific, or we could leave the docs alone and expect the envisioned Red Hat patch to patch config.sgml along with pg_config_manual.h. It looks like the xxx_flush_after GUCs aren't exactly fully documented as to this point, so we have some work to do there too :-( regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers