Re: Add support to TLS 1.3 cipher suites and curves lists
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Jacob Champion <jacob.champion@enterprisedb.com>,
Daniel Gustafsson <daniel@yesql.se>
Cc: Erica Zhang <ericazhangy2021@qq.com>, Andres Freund <andres@anarazel.de>,
Jelte Fennema-Nio <postgres@jeltef.nl>,
pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-09-25T08:51:05Z
Lists: pgsql-hackers
On 18.09.24 22:48, Jacob Champion wrote: >> +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed TLSv1.2 ciphers >> +#ssl_cipher_suites = '' # allowed TLSv1.3 cipher suites, blank for default > After marinating on this a bit... I think the naming may result in > some "who's on first" miscommunications in forums and on the list. "I > set the SSL ciphers to <whatever>, but it says there are no valid > ciphers available!" Should we put TLS 1.3 into the new GUC name > somehow? Yeah, I think just ssl_ciphers = ssl_ciphers_tlsv13 = would be clear enough. Just using "ciphers" vs. "cipher suites" would not be.
Commits
-
Handle alphanumeric characters in matching GUC names
- f81855171f95 18.0 landed
-
Only perform pg_strong_random init when required
- c3333dbc0c0f 18.0 cited