NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit807dbce

committed

doc: Document that ssl_ciphers does not affect TLS 1.3

TLS 1.3 uses a different way of specifying ciphers and a differentOpenSSL API. PostgreSQL currently does not support setting thoseciphers. For now, just document this. In the future, support forthis might be added somehow.Reviewed-by: Jonathan S. Katz <jkatz@postgresql.org>Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>

1 parent028f0c3 commit807dbceCopy full SHA for 807dbce

File tree

1 file changed

+16

-10

lines changed

doc/src/sgml
- config.sgml

1 file changed

+16

-10

lines changed

`‎doc/src/sgml/config.sgml`

Lines changed: 16 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -1178,16 +1178,22 @@ include_dir 'conf.d'`
`1178`	`1178`	`</term>`
`1179`	`1179`	`<listitem>`
`1180`	`1180`	`<para>`
`1181`		`- Specifies a list of <acronym>SSL</acronym> cipher suites that are allowed to be`
`1182`		`- used on secure connections. See`
`1183`		`- the <citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry> manual page`
`1184`		`- in the <application>OpenSSL</application> package for the syntax of this setting`
`1185`		`- and a list of supported values.`
`1186`		`- This parameter can only be set in the <filename>postgresql.conf</filename>`
`1187`		`- file or on the server command line.`
`1188`		`- The default value is <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>. The`
`1189`		`- default is usually a reasonable choice unless you have specific`
`1190`		`- security requirements.`
	`1181`	`+ Specifies a list of <acronym>SSL</acronym> cipher suites that are`
	`1182`	`+ allowed to be used by SSL connections. See the`
	`1183`	`+ <citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry>`
	`1184`	`+ manual page in the <application>OpenSSL</application> package for the`
	`1185`	`+ syntax of this setting and a list of supported values. Only`
	`1186`	`+ connections using TLS version 1.2 and lower are affected. There is`
	`1187`	`+ currently no setting that controls the cipher choices used by TLS`
	`1188`	`+ version 1.3 connections. The default value is`
	`1189`	`+ <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>. The default is usually a`
	`1190`	`+ reasonable choice unless you have specific security requirements.`
	`1191`	`+ </para>`
	`1192`	`+`
	`1193`	`+ <para>`
	`1194`	`+ This parameter can only be set in the`
	`1195`	`+ <filename>postgresql.conf</filename> file or on the server command`
	`1196`	`+ line.`
`1191`	`1197`	`</para>`
`1192`	`1198`
`1193`	`1199`	`<para>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit807dbce

File tree

1 file changed

1 file changed

`‎doc/src/sgml/config.sgml`

0 commit comments