SSL: Add configuration option to prefer server cipher order By default, OpenSSL (and SSL/TLS in general) lets the client cipher order take priority. This is OK for browsers where the ciphers were tuned, but few PostgreSQL client libraries make the cipher order configurable. So it makes sense to have the cipher order in postgresql.conf take priority over client defaults.
This patch adds the setting "ssl_prefer_server_ciphers" that can be turned on so that server cipher order is preferred. Per discussion, this now defaults to on. From: Marko Kreen <mark...@gmail.com> Reviewed-by: Adrian Klaver <adrian.kla...@gmail.com> Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/ef3267523d1ecf53bb6d4ffbeb6a0ae1af84ed47 Modified Files -------------- doc/src/sgml/config.sgml | 21 +++++++++++++++++++++ src/backend/libpq/be-secure.c | 7 +++++++ src/backend/utils/misc/guc.c | 10 ++++++++++ src/backend/utils/misc/postgresql.conf.sample | 1 + 4 files changed, 39 insertions(+) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
