[pgpool-hackers: 3280] Re: ssl_ciphers
Muhammad Usama
m.usama at gmail.com
Wed Mar 27 17:24:53 JST 2019
Hi
On Tue, Mar 26, 2019 at 12:48 PM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> >>> The patch looks fine, One small comment is, do you think we should make
> >>> the SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
> call
> >>> conditional with some new configuration parameter (similar to
> PostgreSQL's
> >>> ssl_prefer_server_ciphers config)
> >>> and set the default value of that parameter to "off", so that minor
> version
> >>> upgrades
> >>> keep the consistent behaviour, and users gets the option to use server
> or
> >>> client cipher preference.
> >>
> >> Yeah, since we are going make releases for stable branches, keeping
> >> existent behavior is important. I agree with you.
> >>
> >> Do you mind if I ask you to implement ssl_prefer_server_ciphers? If
> >> ok, I would like to push the patch as proposed (without
> >> ssl_prefer_server_ciphers), then you implement
> >> ssl_prefer_server_ciphers part on top of it.
> >
> > Sure I will do that today after you push this path
>
> Thanks! Pushed to from 3.4 to master.
>
I have pushed the commit adding ssl_prefer_server_ciphers config parameter
to all
branches from 3.4
Thanks
Best Regards
Muhammad Usama
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20190327/fa876afe/attachment.html>
More information about the pgpool-hackers
mailing list