mirror of https://github.com/postgres/postgres.git synced 2025-05-03 22:24:49 +03:00

doc: Document that ssl_ciphers does not affect TLS 1.3

TLS 1.3 uses a different way of specifying ciphers and a different
OpenSSL API.  PostgreSQL currently does not support setting those
ciphers.  For now, just document this.  In the future, support for
this might be added somehow.

Reviewed-by: Jonathan S. Katz <jkatz@postgresql.org>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Peter Eisentraut 2020-07-23 17:13:00 +02:00
parent 47adb24882
commit edfc08652a

@ -1056,11 +1056,14 @@ include_dir 'conf.d'
</term> </term>
<listitem> <listitem>
<para> <para>
Specifies a list of <acronym>SSL</> cipher suites that are allowed to be Specifies a list of <acronym>SSL</> cipher suites that are
used on secure connections. See allowed to be used by SSL connections. See the
the <citerefentry><refentrytitle>ciphers</></citerefentry> manual page <citerefentry><refentrytitle>ciphers</></citerefentry>
in the <application>OpenSSL</> package for the syntax of this setting manual page in the <application>OpenSSL</> package for the
and a list of supported values. The default value is syntax of this setting and a list of supported values. Only
connections using TLS version 1.2 and lower are affected. There is
currently no setting that controls the cipher choices used by TLS
version 1.3 connections. The default value is
<literal>HIGH:MEDIUM:+3DES:!aNULL</>. It is usually reasonable, <literal>HIGH:MEDIUM:+3DES:!aNULL</>. It is usually reasonable,
unless you have specific security requirements. This parameter can only unless you have specific security requirements. This parameter can only
be set at server start. be set at server start.
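
Review bot: The added sentences "Only connections using TLS version 1.2 and lower are affected. There is currently no setting that controls the cipher choices used by TLS version 1.3 connections." say what ssl_ciphers does not cover, but not what a TLS 1.3 connection ends up using. An administrator who tightens this list to meet a policy needs to know that TLS 1.3 connections fall back to the OpenSSL library's own defaults and are not constrained by the list. Suggest saying so explicitly. The sentence that follows the default value, "It is usually reasonable, unless you have specific security requirements", is aimed at exactly the readers this limitation affects, so the caveat would also read better placed after the default value than before it. Minor: the paragraph now says "SSL connections" in its first sentence and "TLS version 1.2 and lower" in the next; using one term, or stating that the older SSL protocol versions are included in "and lower", would avoid the impression that these are two different scopes.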