Re: SSL: better default ciphersuite

On 2/2/14, 7:16 AM, Marko Kreen wrote:
> On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
>> Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
>> and also adds documentation about reasoning for it.
> 
> This is the last pending SSL cleanup related patch:
> 
>   https://commitfest.postgresql.org/action/patch_view?id=1310
> 
> Peter, you have claimed it as committer, do you see any remaining
> issues with it?

I'm OK with this change on the principle of clarifying and refining the
existing default.  But after inspecting the expanded cipher list with
the "openssl cipher" tool, I noticed that the new default re-enabled MD5
ciphers.  Was that intentional?