author | Peter Eisentraut <peter_e@gmx.net> | 2013-12-07 15:11:44 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2013-12-07 15:11:44 -0500 |
commit | 3164721462d547fa2d15e2a2f07eb086a3590fd5 (patch) | |
tree | 2f834c8d59ba452f47136cfde94a62d806715492 /src/backend/utils/misc/postgresql.conf.sample | |
parent | 91484409bdd17f330d10671d388b72d4ef1451d7 (diff) | |
SSL: Support ECDH key exchange

This sets up ECDH key exchange, when compiling against OpenSSL that
supports EC. Then the ECDHE-RSA and ECDHE-ECDSA cipher suites can be
used for SSL connections. The latter one means that EC keys are now
usable.

The reason for EC key exchange is that it's faster than DHE and it
allows going to higher security levels where RSA will be horribly slow.

There is also a new GUC option ssl_ecdh_curve that specifies the curve
name used for ECDH. It defaults to "prime256v1", which is the most
common curve in use in HTTPS.

From: Marko Kreen <markokr@gmail.com>
Reviewed-by: Adrian Klaver <adrian.klaver@gmail.com>
Diffstat (limited to 'src/backend/utils/misc/postgresql.conf.sample')
-rw-r--r-- | src/backend/utils/misc/postgresql.conf.sample | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index a0f564bb9cf..983cae7fda2 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -82,6 +82,7 @@ #ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers # (change requires restart) #ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) #ssl_renegotiation_limit = 512MB # amount of data between renegotiations #ssl_cert_file = 'server.crt' # (change requires restart) #ssl_key_file = 'server.key' # (change requires restart) |
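Review bot: The added `#ssl_ecdh_curve = 'prime256v1'` line carries only the "(change requires restart)" note and no description of what the setting controls, unlike the neighbouring `ssl_ciphers` entry, which is annotated "# allowed SSL ciphers". An administrator reading the sample file cannot tell that the value is a curve name used for ECDH key exchange, or that per the commit message it applies only when the server is built against an OpenSSL that supports EC. Consider a short trailing comment such as "# curve name for ECDH key exchange" ahead of the restart note, so the entry is self-explanatory next to `ssl_ciphers` and `ssl_prefer_server_ciphers`. It would also help to indicate where the accepted curve names come from, since the sample shows only the default value.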