On 11/09/2017 01:59 PM, chiru r wrote: > I am using PostgreSQL version *9.5.7* on Red hat enterprise Linux *7.2.* > > *OpenSSL version : * OpenSSL 1.0.1e-fips 11 Feb 2013. > > I have a requirement to enable the SSL in my environment with specific > cipher suites,we want to restrict weak cipher suites from open SSL > default list. > > We have list of cipher suites, which are authorized to use in my > environment.So the Client Applications use one of authorized cipher > suites while configuring application server. > > Is it require to install different version of OpenSSL software instead > of default OpenSSL on Linux ?. Note -- please don't cross post to hackers as it is off topic for that list and cross posting is generally frowned upon (pgsql-hackers removed). Assuming you mean that you need only FIPS 140-2 compliant ciphers, you would want to configure the OS for system-wide FIPS compliance. See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations > How to configure the PostgreSQL to allow specif cipher suites from > different client applications? If you still need more control over what Postgres allows, see the ssl_ciphers configuration setting here: https://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-SSL HTH, Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
Attachment:
signature.asc
Description: OpenPGP digital signature
