Jan Bilek <jan.bi...@eftlab.co.uk> writes: > We are trying to setup Postgres with TLSv1.2 (undergoing PA:DSS audit), > but getting a bit stuck there with Postgres reporting âcould not accept > SSL connection: no shared cipherâ. This is obviously an internal OpenSSL > message, but worrying part is that we've had this setup running with the > other encryptions and the same certificates without any problems.
> We've been trying to follow documentation from here: > http://www.postgresql.org/docs/9.3/static/ssl-tcp.html. libpq versions before 9.4 will only accept TLSv1 exactly. In 9.4 it should negotiate the highest TLS version supported by both server and client. I don't recall why we didn't back-patch that change, probably excessive concern for backwards compatibility ... but anyway, AFAICS from the git logs, it's not in 9.3.x. I think you could get TLS 1.2 from a 9.3 server and 9.4 libpq, if that helps. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
