Re: [HACKERS] libpq connection strings: control over the ciphersuites?
| От | Joe Conway |
|---|---|
| Тема | Re: [HACKERS] libpq connection strings: control over the ciphersuites? |
| Дата | |
| Msg-id | 16ac3573-1c73-3336-ae63-9adc3c5f033c@joeconway.com обсуждение исходный текст |
| Ответ на | [HACKERS] libpq connection strings: control over the cipher suites? (Graham Leggett <minfrin@sharp.fm>) |
| Ответы |
Re: [HACKERS] libpq connection strings: control over the cipher suites?
|
| Список | pgsql-hackers |
On 11/09/2017 03:27 AM, Graham Leggett wrote: > Is there a parameter or mechanism for setting the required ssl cipher list from the client side? I don't believe so. That is controlled by ssl_ciphers, which requires a restart in order to change. https://www.postgresql.org/docs/10/static/runtime-config-connection.html#GUC-SSL-CIPHERS select name,setting,context from pg_settings where name like '%ssl%'; name | setting | context ---------------------------+--------------------------+------------ssl | off |postmasterssl_ca_file | | postmasterssl_cert_file | server.crt | postmasterssl_ciphers | HIGH:MEDIUM:+3DES:!aNULL | postmasterssl_crl_file | | postmasterssl_ecdh_curve | prime256v1 | postmasterssl_key_file |server.key | postmasterssl_prefer_server_ciphers | on | postmaster (8 rows) HTH, Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
В списке pgsql-hackers по дате отправления: