Alvaro Herrera writes:
> Tom Lane wrote:
>> If we did have code for multiple libraries, perhaps some people would
>> want to compile all the variants at once; in which case overloading a
>> single option to be used for all the libraries would be a problem.
> Hmm, I don't think our abstraction wou
Tom Lane wrote:
> Daniel Gustafsson writes:
> > Since we hopefully will support more SSL libraries than OpenSSL at some
> > point,
> > and we don’t want a torrent of configure options, wouldn’t this be better as
> > --with-server-ciphers=STRING or something similar?
>
> One of the reasons I'm
Daniel Gustafsson writes:
> Since we hopefully will support more SSL libraries than OpenSSL at some point,
> and we don’t want a torrent of configure options, wouldn’t this be better as
> --with-server-ciphers=STRING or something similar?
One of the reasons I'm not very excited about exposing t
> On 08 Feb 2017, at 13:31, Pavel Raiskup wrote:
>
> On Wednesday, February 8, 2017 1:29:19 PM CET Pavel Raiskup wrote:
>> On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote:
>>> Peter Eisentraut writes:
On 2/7/17 11:21 AM, Tom Lane wrote:
> A compromise that might be worth co
On Wednesday, February 8, 2017 1:05:08 AM CET Tom Lane wrote:
> Peter Eisentraut writes:
> > On 2/7/17 11:21 AM, Tom Lane wrote:
> >> A compromise that might be worth considering is to introduce
> >> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL"
> >> into pg_config_manual.h, which woul
Peter Eisentraut writes:
> On 2/7/17 11:21 AM, Tom Lane wrote:
>> A compromise that might be worth considering is to introduce
>> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL"
>> into pg_config_manual.h, which would at least give you a reasonably
>> stable target point for a long-lived
On 2/7/17 11:21 AM, Tom Lane wrote:
> A compromise that might be worth considering is to introduce
>
> #define PG_DEFAULT_SSL_CIPHERS "HIGH:MEDIUM:+3DES:!aNULL"
>
> into pg_config_manual.h, which would at least give you a reasonably
> stable target point for a long-lived patch.
You'd still need
Pavel Raiskup writes:
> PostgreSQL server uses 'HIGH:MEDIUM:+3DES:!aNULL' cipher set by default,
> but what Fedora would like to have is 'PROFILE=SYSTEM' (works with
> Fedora-patched OpenSSL, so please don't waste your time with checking this
> elsewhere).
> ...
> I'd like to propose the attached
