Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit807dbce

Browse files
committed
doc: Document that ssl_ciphers does not affect TLS 1.3
TLS 1.3 uses a different way of specifying ciphers and a differentOpenSSL API. PostgreSQL currently does not support setting thoseciphers. For now, just document this. In the future, support forthis might be added somehow.Reviewed-by: Jonathan S. Katz <jkatz@postgresql.org>Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
1 parent028f0c3 commit807dbce

File tree

1 file changed

+16
-10
lines changed

1 file changed

+16
-10
lines changed

‎doc/src/sgml/config.sgml

Lines changed: 16 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1178,16 +1178,22 @@ include_dir 'conf.d'
11781178
</term>
11791179
<listitem>
11801180
<para>
1181-
Specifies a list of <acronym>SSL</acronym> cipher suites that are allowed to be
1182-
used on secure connections. See
1183-
the <citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry> manual page
1184-
in the <application>OpenSSL</application> package for the syntax of this setting
1185-
and a list of supported values.
1186-
This parameter can only be set in the <filename>postgresql.conf</filename>
1187-
file or on the server command line.
1188-
The default value is <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>. The
1189-
default is usually a reasonable choice unless you have specific
1190-
security requirements.
1181+
Specifies a list of <acronym>SSL</acronym> cipher suites that are
1182+
allowed to be used by SSL connections. See the
1183+
<citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry>
1184+
manual page in the <application>OpenSSL</application> package for the
1185+
syntax of this setting and a list of supported values. Only
1186+
connections using TLS version 1.2 and lower are affected. There is
1187+
currently no setting that controls the cipher choices used by TLS
1188+
version 1.3 connections. The default value is
1189+
<literal>HIGH:MEDIUM:+3DES:!aNULL</literal>. The default is usually a
1190+
reasonable choice unless you have specific security requirements.
1191+
</para>
1192+
1193+
<para>
1194+
This parameter can only be set in the
1195+
<filename>postgresql.conf</filename> file or on the server command
1196+
line.
11911197
</para>
11921198

11931199
<para>

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp