Should it be combination of
'HIGH:!aNULL' ??
'HIGH:!aNULL' ??
Regards,
Pramod
On Sun, 13 Jun 2021, 20:34 Tom Lane, <tgl@xxxxxxxxxxxxx> wrote:
pramod kg <pramod11287@xxxxxxxxx> writes:
> I have enabled ssl on my PG servers and have set ssl_cipher to "HIGH".
> Still, the security team complains that weak ciphers are accepted at server
> side (They have run some security tests).
The default setting of that is
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
Perhaps the problem is your ill-advised removal of the !aNULL part.
regards, tom lane
