On Fri, 2013-11-29 at 18:43 +0200, Marko Kreen wrote: > Well, we should - the DEFAULT is clearly a client-side default > for compatibility only. No server should ever run with it.
Any other opinions on this out there? All instances of other SSL-enabled servers out there, except nginx, default to some variant of DEFAULT:!LOW:... or HIGH:MEDIUM:.... The proposal here is essentially to disable MEDIUM ciphers by default, which is explicitly advised against in the Postfix and Dovecot documentation, for example. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
