[Pkg-postgresql-public] Bug#779683: Bug#779683: postgresql: pg_hba scripts (mis)configures for MD5 authentication

Aaron Zauner azet at azet.org
Thu Mar 5 11:39:42 UTC 2015



Michael Samuel wrote:
> Hi,
> 
> On 5 March 2015 at 19:58, Christoph Berg <myon at debian.org> wrote:
>>> That's an excellent thought..  I wasn't aware of this.  Unfortunately,
>>> I'm not sure that we could make it the default in Debian as it requires
>>> server-side certificates be configured and used properly (correct?) but
>>> I don't see a reason to not support it and encourage its use.
> 
> TLS-SRP verifies both client and server.

Yep. I confused SRP with PSK ciphersuites here. There're no ciphersuites
that support PKIX and SRP. Unfortunately there's also only AES-CBC
(mac-then-encrypt) as a possible option when using SRP.
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Aaron
