[pgpool-hackers: 3276] Re: ssl_ciphers

Tatsuo Ishii ishii at sraoss.co.jp
Tue Mar 26 16:48:18 JST 2019


>>> The patch looks fine. One small comment: do you think we should make
>>> the SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); call
>>> conditional on some new configuration parameter (similar to PostgreSQL's
>>> ssl_prefer_server_ciphers config)
>>> and set the default value of that parameter to "off", so that minor version
>>> upgrades keep the consistent behaviour, and users get the option to use
>>> server or client cipher preference?
>> 
>> Yeah, since we are going to make releases for stable branches, keeping
>> existing behavior is important. I agree with you.
>> 
>> Do you mind if I ask you to implement ssl_prefer_server_ciphers? If
>> ok, I would like to push the patch as proposed (without
>> ssl_prefer_server_ciphers), then you implement
>> ssl_prefer_server_ciphers part on top of it.
> 
> Sure, I will do that today after you push this patch.

Thanks! Pushed from 3.4 to master.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp