Base the default SSL ciphers on DEFAULT instead of ALL

It's better to start from what the OpenSSL people consider a good
default and then remove insecure things (low encryption, exportable
encryption and md5 at this point) from that, instead of starting
from everything that exists and remove from that. We trust the
OpenSSL people to make good choices about what the default is.

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index ac5e4f3e48d308de9fa5c80aeb081c7bb699c7c2..6128694200f0a9a69402493c0303ab9ea243e92b 100644 (file)
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -3056,7 +3056,7 @@ static struct config_string ConfigureNamesString[] =
                },
                &SSLCipherSuites,
 #ifdef USE_SSL
-               "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH",
+               "DEFAULT:!LOW:!EXP:!MD5:@STRENGTH",
 #else
                "none",
 #endif

diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index eeb9b82abf1c2690f9ba4d6494fb5d9cbe8bead0..62aea2f583e0b7ac3c9b7ae6b263f3adeab6e643 100644 (file)
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -79,7 +79,7 @@
 
 #authentication_timeout = 1min         # 1s-600s
 #ssl = off                             # (change requires restart)
-#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'     # allowed SSL ciphers
+#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'      # allowed SSL ciphers
                                        # (change requires restart)
 #ssl_renegotiation_limit = 512MB       # amount of data between renegotiations
 #ssl_cert_file = 'server.crt'          # (change requires restart)