|
1 |
| -<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.399 2007/12/2903:44:34 momjian Exp $ --> |
| 1 | +<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.400 2007/12/2904:27:02 momjian Exp $ --> |
2 | 2 |
|
3 | 3 | <chapter Id="runtime">
|
4 | 4 | <title>Operating System Environment</title>
|
@@ -1604,12 +1604,20 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
|
1604 | 1604 | ciphers can be specified in the <productname>OpenSSL</productname>
|
1605 | 1605 | configuration file, you can specify ciphers specifically for use by
|
1606 | 1606 | the database server by modifying <xref linkend="guc-ssl-ciphers"> in
|
1607 |
| - <filename>postgresql.conf</>. It is possible to have authentication |
1608 |
| - without the overhead of encryption by using <literal>NULL-SHA</> or |
1609 |
| - <literal>NULL-MD5</> ciphers. However, a man-in-the-middle could read |
1610 |
| - and pass communications between client and server. |
| 1607 | + <filename>postgresql.conf</>. |
1611 | 1608 | </para>
|
1612 | 1609 |
|
| 1610 | + <note> |
| 1611 | + <para> |
| 1612 | + It is possible to have authentication without encryption overhead by |
| 1613 | + using <literal>NULL-SHA</> or <literal>NULL-MD5</> ciphers. However, |
| 1614 | + a man-in-the-middle could read and pass communications between client |
| 1615 | + and server. Also, encryption overhead is minimal compared to the |
| 1616 | + overhead of authentication. For these reasons NULL ciphers are not |
| 1617 | + recommended. |
| 1618 | + </para> |
| 1619 | + </note> |
| 1620 | + |
1613 | 1621 | <para>
|
1614 | 1622 | To start in <acronym>SSL</> mode, the files <filename>server.crt</>
|
1615 | 1623 | and <filename>server.key</> must exist in the server's data directory.
|
|
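Review bot: In the added <note>, "a man-in-the-middle could read and pass communications between client and server" understates the exposure for a reader skimming the page. The same sentence says these ciphers run "without encryption overhead", so the session contents are readable by anyone who can observe the traffic, not only by a party positioned to relay it. Suggest stating that directly, for example "However, because these ciphers do not encrypt, anyone able to observe the connection can read all data exchanged between client and server." The closing "For these reasons NULL ciphers are not recommended" would also be more actionable if it pointed back to <xref linkend="guc-ssl-ciphers">, the setting the preceding paragraph already names, so the reader knows where to check that NULL ciphers are not enabled. Minor: "authentication" is used twice in the note without saying what is authenticated; one clarifying word would help.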