[pgpool-hackers: 3281] Re: ssl_ciphers

[Tatsuo Ishii]

Great! Thank you!

I will take care Japanese doc part.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

> Hi
> 
> On Tue, Mar 26, 2019 at 12:48 PM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> 
>> >>> The patch looks fine, One small comment is, do you think we should make
>> >>> the SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
>> call
>> >>> conditional with some new configuration parameter (similar to
>> PostgreSQL's
>> >>> ssl_prefer_server_ciphers config)
>> >>> and set the default value of that parameter to "off", so that minor
>> version
>> >>> upgrades
>> >>> keep the consistent behaviour, and users gets the option to use server
>> or
>> >>> client cipher preference.
>> >>
>> >> Yeah, since we are going make releases for stable branches, keeping
>> >> existent behavior is important. I agree with you.
>> >>
>> >> Do you mind if I ask you to implement ssl_prefer_server_ciphers? If
>> >> ok, I would like to push the patch as proposed (without
>> >> ssl_prefer_server_ciphers), then you implement
>> >> ssl_prefer_server_ciphers part on top of it.
>> >
>> > Sure I will do that today after you push this path
>>
>> Thanks! Pushed to from 3.4 to master.
>>
> 
> I have pushed the commit adding  ssl_prefer_server_ciphers config parameter
> to all
> branches from 3.4
> 
> Thanks
> Best Regards
> Muhammad Usama
> 
> 
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>