Re: Question regarding SSL code in backend and frontend
| От | Magnus Hagander |
|---|---|
| Тема | Re: Question regarding SSL code in backend and frontend |
| Дата | |
| Msg-id | CABUevEzMhF=v2oMt9K27+6m=-RiWxm=ZRpA7RHrD+ZWWO3RBzw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Question regarding SSL code in backend and frontend (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Fri, Apr 6, 2012 at 18:43, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Magnus Hagander <magnus@hagander.net> writes: >> True. I guess I was just assuming that JDBC (and npgsql i think?) were >> using TLS - I would assume that to be the default in both Java and >> .NET. We'd have to check that before making a change of course - and >> I'm not convinced we need to make the change. But if we're making a >> change to align those two with each other, that's the direction the >> change should be in. > > Agreed, but should we align them? IIUC, changing the server would cause > it to reject connections from old non-TLS-aware clients. Seems like > that isn't a particularly good idea. Well, it would be a good idea for those that want to be sure they're using TLS for security reasons (tlsv1 is more secure than sslv3 - see e.g. http://en.wikipedia.org/wiki/Transport_Layer_Security#Security). We could also add a server parameter saying ssl_tls_only or something like that which would switch it... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
В списке pgsql-hackers по дате отправления: