Re: SSL: better default ciphersuite

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Marko Kreen <markokr(at)gmail(dot)com>
Cc: Postgres Hackers List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL: better default ciphersuite
Date: 2013-12-12 02:29:43
Message-ID: 1386815383.28197.2.camel@vanquo.pezone.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, 2013-11-29 at 18:43 +0200, Marko Kreen wrote:
> Well, we should - the DEFAULT is clearly a client-side default
> for compatibility only. No server should ever run with it.

Any other opinions on this out there? All instances of other
SSL-enabled servers out there, except nginx, default to some variant of
DEFAULT:!LOW:... or HIGH:MEDIUM:.... The proposal here is essentially
to disable MEDIUM ciphers by default, which is explicitly advised
against in the Postfix and Dovecot documentation, for example.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tatsuo Ishii 2013-12-12 02:41:43 pgbench with large scale factor
Previous Message Kyotaro HORIGUCHI 2013-12-12 02:00:02 [BUG] Archive recovery failure on 9.3+.