On Tue, Aug 26, 2025 at 7:10 AM Tom Lane <[email protected]> wrote: > (For that matter, if you have system-level security specifications > to meet, why would you not alter the system-wide OpenSSL configuration > on the client's host?)
There is that, or you can maybe use OPENSSL_CONF for more granularity. (But I'm beginning to think we should support named configuration sections [1] of openssl.conf, in both the client and the server, to make this a bit easier.) --Jacob [1] https://docs.openssl.org/1.1.1/man3/SSL_CTX_config/
