Re: SSL enhancement patch ver.2
| От | Bruce Momjian |
|---|---|
| Тема | Re: SSL enhancement patch ver.2 |
| Дата | |
| Msg-id | 200702142233.l1EMXbq00867@momjian.us обсуждение исходный текст |
| Ответ на | Re: SSL enhancement patch ver.2 (Bruce Momjian <bruce@momjian.us>) |
| Список | pgsql-patches |
Never mind, I found the answer:
http://archives.postgresql.org/pgsql-hackers/2006-08/msg01931.php
Working on the patch now.
---------------------------------------------------------------------------
Bruce Momjian wrote:
> Victor B. Wagner wrote:
> > This patch adds following functionality to PostgreSQL
> >
> > 1. If PostgreSQL is compiled with OpenSSL version 0.9.7 and above,
> > both backend and libpq read site-wide OpenSSL configuration file as
> > described in OPENSSL_config functon manual page.
> >
> > This allows to use hardware crypto acceleration modules (engines) and,
> > in future version 0.9.9 would allow to use additional cryptoalgorithms
> > (i.e. national standards) which are not included in core OpenSSL.
> >
> > All other configuration parameters which are supported by OpenSSL
> > library also are taken into account.
> >
> >
> > 2. New configuration option "ssl_ciphers" is added to postgresql.conf.
> > This option allows to change list of ciphers, acceptable by backend
> > during SSL connection. Changing list of ciphers can be desirable to
> > tighten or relax security of particular installation, and allows quick
> > fix on configuration file level in case if vulnerability is discovered
> > in one of cryptoalgorithms or their OpenSSL implementation - cipher
> > suites which use such algorithm can be easily disabled.
>
> Why are you adding "ssl_ciphers" to postgresql.conf? Can't you control
> that from the site-wide OpenSSL configuration file added above?
>
> --
> Bruce Momjian <bruce@momjian.us> http://momjian.us
> EnterpriseDB http://www.enterprisedb.com
>
> + If your life is a hard drive, Christ can be your backup. +
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
В списке pgsql-patches по дате отправления: