diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-10-24 15:20:32 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2024-10-24 15:20:32 +0200 |
| commit | 45188c2ea2391b7b24039e1632c726e2fc6b8008 (patch) | |
| tree | e85052c98e0775dd4932789e0fe603909a36bccf /src/backend/utils/misc/postgresql.conf.sample | |
| parent | 3d1ef3a15c3eb68dae44b94e89d04c422b26fc16 (diff) | |
Support configuring TLSv1.3 cipher suites
The ssl_ciphers GUC can only set cipher suites for TLSv1.2, and lower,
connections. For TLSv1.3 connections a different OpenSSL API must be
used. This adds a new GUC, ssl_tls13_ciphers, which can be used to
configure a colon separated list of cipher suites to support when
performing a TLSv1.3 handshake.
Original patch by Erica Zhang with additional hacking by me.
Author: Erica Zhang <ericazhangy2021@qq.com>
Author: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Discussion: https://postgr.es/m/tencent_063F89FA72CCF2E48A0DF5338841988E9809@qq.com
Diffstat (limited to 'src/backend/utils/misc/postgresql.conf.sample')
| -rw-r--r-- | src/backend/utils/misc/postgresql.conf.sample | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 204eab5f1a7..39a3ac23127 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -110,7 +110,8 @@ #ssl_crl_file = '' #ssl_crl_dir = '' #ssl_key_file = 'server.key' -#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed TLSv1.2 ciphers +#ssl_tls13_ciphers = '' # allowed TLSv1.3 cipher suites, blank for default #ssl_prefer_server_ciphers = on #ssl_groups = 'prime256v1' #ssl_min_protocol_version = 'TLSv1.2' |