Alvaro Herrera writes:
> Tom Lane wrote:
>> If we did have code for multiple libraries, perhaps some people would
>> want to compile all the variants at once; in which case overloading a
>> single option to be used for all the libraries would be a problem.
> Hmm, I don't think our abstraction wou
Tom Lane wrote:
> Daniel Gustafsson writes:
> > Since we hopefully will support more SSL libraries than OpenSSL at some
> > point,
> > and we don’t want a torrent of configure options, wouldn’t this be better as
> > --with-server-ciphers=STRING or something similar?
>
> One of the reasons I'm
Daniel Gustafsson writes:
> Since we hopefully will support more SSL libraries than OpenSSL at some point,
> and we don’t want a torrent of configure options, wouldn’t this be better as
> --with-server-ciphers=STRING or something similar?
One of the reasons I'm not very excited about exposing t
> On 08 Feb 2017, at 13:31, Pavel Raiskup wrote:
>
> On Wednesday, February 8, 2017 1:29:19 PM CET Pavel Raiskup wrote:
>> On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote:
>>> Peter Eisentraut writes:
On 2/7/17 11:21 AM, Tom Lane wrote:
> A compromise that might be worth co
On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote:
> Peter Eisentraut writes:
> > On 2/7/17 11:21 AM, Tom Lane wrote:
> >> A compromise that might be worth considering is to introduce
> >> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL"
> >> into pg_config_manual.h, which woul
Peter Eisentraut writes:
> On 2/7/17 11:21 AM, Tom Lane wrote:
>> A compromise that might be worth considering is to introduce
>> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL"
>> into pg_config_manual.h, which would at least give you a reasonably
>> stable target point for a long-lived
On 2/7/17 11:21 AM, Tom Lane wrote:
> A compromise that might be worth considering is to introduce
>
> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL"
>
> into pg_config_manual.h, which would at least give you a reasonably
> stable target point for a long-lived patch.
You'd still need
Pavel Raiskup writes:
> PostgreSQL server uses 'HIGH:MEDIUM:+3DES:!aNULL' cipher set by default,
> but what Fedora would like to have is 'PROFILE=SYSTEM' (works with
> Fedora-patched OpenSSL, so please don't waste your time with checking this
> elsewhere).
> ...
> I'd like to propose the attached
Hi hackers,
in Fedora, there's crypto initiative where people try to consolidate ssl
cipher settings for (majority of) Fedora services (PostgreSQL is
included).
PostgreSQL server uses 'HIGH:MEDIUM:+3DES:!aNULL' cipher set by default,
but what Fedora would like to have is 'PROFILE=SYSTEM' (works w
