On 09/07/2017 11:34 PM, Tomas Vondra wrote:
>> I am worried about having 3x version of TLS controls in
>> postgresql.conf, and only one set being active. Perhaps we need to
>> break out the TLS config to separate files or something. Anyway, this
>> needs more thought.
>
> Well, people won't be able to set the inactive options, just like you
> can't set ssl=on when you build without OpenSSL support. But perhaps we
> could simply not include the inactive options into the config file, no?

Yeah, I have been thinking about how bad it would be to dynamically generate the config file. I think I will try this.

Daniel: What options does Secure Transport need for configuring ciphers, ECDH, and cipher preference? Does it need any extra options (I think I saw something about the keychain)?

Andreas


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)