On 22/05/15 02:06, Tom Lane wrote:
> Jan Bilek <jan.bi...@eftlab.co.uk> writes:
>> We are trying to set up Postgres with TLSv1.2 (undergoing PA:DSS audit),
>> but getting a bit stuck there with Postgres reporting “could not accept
>> SSL connection: no shared cipher”. This is obviously an internal OpenSSL
>> message, but the worrying part is that we've had this setup running with the
>> other encryptions and the same certificates without any problems.
>> We've been trying to follow documentation from here:
>> http://www.postgresql.org/docs/9.3/static/ssl-tcp.html.
>
> libpq versions before 9.4 will only accept TLSv1 exactly.  In 9.4 it
> should negotiate the highest TLS version supported by both server and
> client.
>
> I don't recall why we didn't back-patch that change, probably excessive
> concern for backwards compatibility ... but anyway, AFAICS from the git
> logs, it's not in 9.3.x.  I think you could get TLS 1.2 from a 9.3 server
> and 9.4 libpq, if that helps.
>
>                         regards, tom lane

That explains it whole. Thank you for your fast and clear answer.

Best,
Jan

