mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
SSL: Add configuration option to prefer server cipher order
By default, OpenSSL (and SSL/TLS in general) lets the client cipher order take priority. This is OK for browsers where the ciphers were tuned, but few PostgreSQL client libraries make the cipher order configurable. So it makes sense to have the cipher order in postgresql.conf take priority over client defaults. This patch adds the setting "ssl_prefer_server_ciphers" that can be turned on so that server cipher order is preferred. Per discussion, this now defaults to on. From: Marko Kreen <markokr@gmail.com> Reviewed-by: Adrian Klaver <adrian.klaver@gmail.com>
This commit is contained in:
@ -127,6 +127,7 @@ extern char *temp_tablespaces;
|
||||
extern bool ignore_checksum_failure;
|
||||
extern bool synchronize_seqscans;
|
||||
extern char *SSLCipherSuites;
|
||||
extern bool SSLPreferServerCiphers;
|
||||
|
||||
#ifdef TRACE_SORT
|
||||
extern bool trace_sort;
|
||||
@ -800,6 +801,15 @@ static struct config_bool ConfigureNamesBool[] =
|
||||
false,
|
||||
check_ssl, NULL, NULL
|
||||
},
|
||||
{
|
||||
{"ssl_prefer_server_ciphers", PGC_POSTMASTER, CONN_AUTH_SECURITY,
|
||||
gettext_noop("Give priority to server ciphersuite order."),
|
||||
NULL
|
||||
},
|
||||
&SSLPreferServerCiphers,
|
||||
true,
|
||||
NULL, NULL, NULL
|
||||
},
|
||||
{
|
||||
{"fsync", PGC_SIGHUP, WAL_SETTINGS,
|
||||
gettext_noop("Forces synchronization of updates to disk."),
|
||||
|
Reference in New Issue
Block a user