<div dir="ltr"><div>Hi</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 26, 2019 at 12:48 PM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp">ishii@sraoss.co.jp</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">>>> The patch looks fine, One small comment is, do you think we should make<br>
>>> the SSL_CTX_set_options(cp->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); call<br>
>>> conditional with some new configuration parameter (similar to PostgreSQL's<br>
>>> ssl_prefer_server_ciphers config)<br>
>>> and set the default value of that parameter to "off", so that minor version<br>
>>> upgrades<br>
>>> keep the consistent behaviour, and users gets the option to use server or<br>
>>> client cipher preference.<br>
>> <br>
>> Yeah, since we are going make releases for stable branches, keeping<br>
>> existent behavior is important. I agree with you.<br>
>> <br>
>> Do you mind if I ask you to implement ssl_prefer_server_ciphers? If<br>
>> ok, I would like to push the patch as proposed (without<br>
>> ssl_prefer_server_ciphers), then you implement<br>
>> ssl_prefer_server_ciphers part on top of it.<br>
> <br>
> Sure I will do that today after you push this path <br>
<br>
Thanks! Pushed to from 3.4 to master.<br></blockquote><div><br></div><div>I have pushed the commit adding ssl_prefer_server_ciphers config parameter to all </div><div>branches from 3.4</div><div><br></div><div>Thanks</div><div>Best Regards</div><div>Muhammad Usama</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Best regards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS, Inc. Japan<br>
English: <a href="http://www.sraoss.co.jp/index_en.php" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
</blockquote></div></div>