Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
Alvaro Herrerawrites: > Tom Lane wrote: >> If we did have code for multiple libraries, perhaps some people would >> want to compile all the variants at once; in which case overloading a >> single option to be used for all the libraries would be a problem. > Hmm, I
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
Tom Lane wrote: > Daniel Gustafssonwrites: > > Since we hopefully will support more SSL libraries than OpenSSL at some > > point, > > and we don’t want a torrent of configure options, wouldn’t this be better as > > --with-server-ciphers=STRING or something similar? > > One
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
Daniel Gustafssonwrites: > Since we hopefully will support more SSL libraries than OpenSSL at some point, > and we don’t want a torrent of configure options, wouldn’t this be better as > --with-server-ciphers=STRING or something similar? One of the reasons I'm not very
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
> On 08 Feb 2017, at 13:31, Pavel Raiskupwrote: > > On Wednesday, February 8, 2017 1:29:19 PM CET Pavel Raiskup wrote: >> On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote: >>> Peter Eisentraut writes: On 2/7/17 11:21 AM,
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
On Wednesday, February 8, 2017 1:29:19 PM CET Pavel Raiskup wrote: > On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote: > > Peter Eisentrautwrites: > > > On 2/7/17 11:21 AM, Tom Lane wrote: > > >> A compromise that might be worth considering is
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote: > Peter Eisentrautwrites: > > On 2/7/17 11:21 AM, Tom Lane wrote: > >> A compromise that might be worth considering is to introduce > >> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL" > >>
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
Peter Eisentrautwrites: > On 2/7/17 11:21 AM, Tom Lane wrote: >> A compromise that might be worth considering is to introduce >> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL" >> into pg_config_manual.h, which would at least give you a reasonably >>
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
On 2/7/17 11:21 AM, Tom Lane wrote: > A compromise that might be worth considering is to introduce > > #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL" > > into pg_config_manual.h, which would at least give you a reasonably > stable target point for a long-lived patch. You'd still need
Re: [HACKERS] [PATCH] configure-time knob to set default ssl ciphers
Pavel Raiskupwrites: > PostgreSQL server uses 'HIGH:MEDIUM:+3DES:!aNULL' cipher set by default, > but what Fedora would like to have is 'PROFILE=SYSTEM' (works with > Fedora-patched OpenSSL, so please don't waste your time with checking this > elsewhere). > ... > I'd like to
[HACKERS] [PATCH] configure-time knob to set default ssl ciphers
Hi hackers, in Fedora, there's crypto initiative where people try to consolidate ssl cipher settings for (majority of) Fedora services (PostgreSQL is included). PostgreSQL server uses 'HIGH:MEDIUM:+3DES:!aNULL' cipher set by default, but what Fedora would like to have is 'PROFILE=SYSTEM' (works