On Tue, Apr 11, 2017 at 08:10:23AM +0300, Heikki Linnakangas wrote: > On 04/11/2017 04:52 AM, Peter Eisentraut wrote: > Good question. We would need to decide the order of preference for those. > > That question won't arise in practice. Firstly, if the server can do > scram-sha-256-plus, it presumably can also do scram-sha-512-plus. Unless > there's a change in the way the channel binding works, such that the > scram-sha-512-plus variant needs a newer version of OpenSSL or something. > Secondly, the user's pg_authid row will contain a SCRAM-SHA-256 or > SCRAM-SHA-512 verifier, not both, so that will dictate which one to use.
It seems openssl has had to deal with cipher preferences for years and invented ssl_ciphers. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
