From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Postgres Hackers List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SSL: better default ciphersuite |
Date: | 2013-12-12 03:08:44 |
Message-ID: | 20803.1386817724@sss.pgh.pa.us |
Lists: | pgsql-hackers |

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Any other opinions on this out there? All instances of other
> SSL-enabled servers out there, except nginx, default to some variant of
> DEFAULT:!LOW:... or HIGH:MEDIUM:.... The proposal here is essentially
> to disable MEDIUM ciphers by default, which is explicitly advised
> against in the Postfix and Dovecot documentation, for example.

Doesn't seem like a great idea then. I assume that if left to its own
devices, PG presently selects some MEDIUM-level cipher by default? If so,
it sounds like this change amounts to imposing a performance penalty for
SSL connections by fiat. On the other hand, if we select a HIGH cipher by
default, then aren't we just refusing to let clients who explicitly ask
for a MEDIUM cipher have one? Either way, I'd want to see a pretty darn
airtight rationale for that, and there sure isn't one in this thread
so far.

The part of the patch that removes @STRENGTH seems plausible, though,
if Marko is correct that that's effectively overriding a hand-tailored
ordering.

In the end I wonder why our default isn't just "DEFAULT". Anybody who
thinks that's an inappropriate default should be lobbying the OpenSSL
folk, not us, I should think.

regards, tom lane
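
Added example, not part of the original message or of PostgreSQL's code: a way to see what the cipher strings discussed above expand to on the local OpenSSL build, and whether @STRENGTH reorders a hand-tailored list. The helper names and the two-cipher TAILORED list are constructed for illustration.

```python
import ssl

def expand(cipher_string):
    """Ordered (name, strength_bits) pairs the local OpenSSL selects.

    TLS 1.3 suites are skipped: OpenSSL configures them separately, so the
    cipher string does not affect them. An unmatched string yields [].
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [(c["name"], c["strength_bits"])
            for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def reordered_by_strength(cipher_string):
    """True if appending @STRENGTH changes the order of the expanded list."""
    return expand(cipher_string) != expand(cipher_string + ":@STRENGTH")

# Constructed sample: a hand-tailored order that prefers the 128-bit suite.
TAILORED = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"

if __name__ == "__main__":
    # Cipher strings named in the thread; results depend on the OpenSSL build.
    for s in ("DEFAULT", "DEFAULT:!LOW", "HIGH:MEDIUM", "HIGH"):
        ciphers = expand(s)
        weakest = min((bits for _, bits in ciphers), default=None)
        print(f"{s:14} {len(ciphers):3} ciphers, weakest {weakest} bits, "
              f"@STRENGTH reorders: {reordered_by_strength(s)}")
    # The tailored order as written, then with @STRENGTH appended.
    print([name for name, _ in expand(TAILORED)])
    print([name for name, _ in expand(TAILORED + ":@STRENGTH")])
```

Comparing the "HIGH:MEDIUM" and "HIGH" rows shows how many ciphers a HIGH-only default would drop on a given build.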