settings to control SSL/TLS protocol version
| От | David G. Johnston |
|---|---|
| Тема | settings to control SSL/TLS protocol version |
| Дата | |
| Msg-id | CAKFQuwaAaU20txViA7hq3-GQquFMCGUmmbcc_bjMMHwrEvJK4A@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: settings to control SSL/TLS protocol version (David Fetter <david@fetter.org>) |
| Список | pgsql-hackers |
On Monday, November 5, 2018, David Fetter <david@fetter.org> wrote:
On Mon, Nov 05, 2018 at 03:01:58PM -0500, Robert Haas wrote:
> On Mon, Oct 1, 2018 at 4:21 PM Peter Eisentraut
> <peter.eisentraut@2ndquadrant.com> wrote:
> >
> > Attached is a patch that implements this. For example:
> >
> > ssl_min_protocol_version = 'TLSv1'
> > ssl_max_protocol_version = 'any'
>
> +1. Maybe it would make sense to spell 'any' as the empty string.
> Intuitively, it makes more sense to me to think about there being no
> maximum than to think about the maximum being anything.
..and now, I'm finally beginning to see the reasoning that led Oracle
to conflate NULL and empty string.
Seems like a situation for ‘n/a’ though maybe that’s too English-centric...
I’m a bit uncertain about the mix of name and number in something that purports to be a version and thus should be numeric only. SSLv3 and TLSv2 would not be comparable in terms of min/max...but I haven’t delved deeply into the feature either.
David J.
В списке pgsql-hackers по дате отправления: