Re: [HACKERS] GnuTLS support

On 09/07/2017 11:34 PM, Tomas Vondra wrote:
>> I am worried about having 3x version of TLS controls in
>> postgresql.conf, and only one set being active. Perhaps we need to
>> break out the TLS config to separate files or something. Anyway, this
>> needs more thought.
> 
> Well, people won't be able to set the inactive options, just like you
> can't set ssl=on when you build without OpenSSL support. But perhaps we
> could simply not include the inactive options into the config file, no?

Yeah, I have been thinking about how bad it would be to dynamically 
generate the config file. I think I will try this.

Daniel: What options does Secure Transport need for configuring ciphers, 
ECDH, and cipher preference? Does it need any extra options (I think I 
saw something about the keychain)?

Andreas


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers