Victor B. Wagner wrote: > First one is useful if for some reason some ciphers supported by > OpenSSL is not permitted to use in the particular network, or if > there is need to use ciphersuites which are not included into default > ciphersuite list, now compiled into PostgreSQL.
Do you have specific examples where that might be the case? > Second one can be used for taking cryptography load from server into > special hardware chip, which can be useful for loaded servers. > Also, upcoming OpenSSL 0.9.9 allows to add entirely new cryptographic > algorithms via engines, so engine support allows to use algorithms, ISTM that that should be in a system-wide OpenSSL configuration, not to be hacked into each SSL-using application separately. Is that possible? -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org
