Re: libpq compression
Martijn van Oosterhout <kleptog@svana.org>
From: Martijn van Oosterhout <kleptog@svana.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Florian Pflug <fgp@phlo.org>, Magnus Hagander <magnus@hagander.net>, Euler Taveira <euler@timbira.com>, Bruce Momjian <bruce@momjian.us>, Pgsql Hackers <pgsql-hackers@postgresql.org>
Date: 2012-06-18T17:42:34Z
Lists: pgsql-hackers
On Sun, Jun 17, 2012 at 12:29:53PM -0400, Tom Lane wrote: > The fly in the ointment with any of these ideas is that the "configure > list" is not a list of exact cipher names, as per Magnus' comment that > the current default includes tests like "!aNULL". I am not sure that > we know how to evaluate such conditions if we are applying an > after-the-fact check on the selected cipher. Does OpenSSL expose any > API for evaluating whether a selected cipher meets such a test? I'm not sure whether there's an API for it, but you can certainly check manually with "openssl ciphers -v", for example: $ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP' NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1 NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5 ...etc... So unless the openssl includes the code twice there must be a way to extract the list from the library. Have a nice ay, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > He who writes carelessly confesses thereby at the very outset that he does > not attach much importance to his own thoughts. -- Arthur Schopenhauer