Re: Review:Patch: SSL: prefer server cipher order

On Sat, Nov 16, 2013 at 01:03:05PM -0800, Adrian Klaver wrote:
> On 11/16/2013 12:37 PM, Marko Kreen wrote:
> >Thanks for testing!
> >
> >On Sat, Nov 16, 2013 at 12:17:40PM -0800, Adrian Klaver wrote:
> >>On 11/16/2013 06:24 AM, Marko Kreen wrote:
> >>>ssl-better-default:
> >>>   SSL should stay working, openssl ciphers -v 'value' should not contain
> >>>   any weak suites (RC4, SEED, DES-CBC, EXP, NULL) and no non-authenticated
> >>>   suites (ADH/AECDH).
> >>
> >>Not sure about the above, if it is a GUC I can't find it. If it is
> >>something else than I will have to plead ignorance.
> >
> >The patch just changes the default value for 'ssl_ciphers' GUC.
> 
> I am still not sure what patch you are talking about. The two
> patches I saw where for server_prefer and ECDH key exchange.
> 
> >
> >The question is if the value works at all, and is good.
> >
> 
> What value would we be talking about?

Ah, sorry.  It's this one:
  https://commitfest.postgresql.org/action/patch_view?id=1310

> Note: I have been working through a head cold and thought processes
> are sluggish, handle accordingly:)

Get better soon!  :)

-- 
marko