SSL support for ephemeral DH keys.
Bruce Momjian <bruce@momjian.us>
SSL support for ephemeral DH keys. As the comment headers in be-secure.c discusses, EPH preserves confidentiality even if the static private key (which is usually kept unencrypted) is compromised. Because of the value of this, common default values are hard-coded to protect the confidentiality of the data even if an attacker successfully deletes or modifies the external file. Bear Giles
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/libpq/be-secure.c | modified | +257 −3 |
| src/interfaces/libpq/fe-secure.c | modified | +219 −2 |