Author
digoal
Date
2019-09-08
Tags
PostgreSQL , ssl_max_protocol_version , ssl_min_protocol_version
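Background
PostgreSQL's SSL support depends on the OpenSSL library. Two new database parameters have been added that specify the minimum and maximum SSL protocol versions.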
Allow control of the minimum and maximum SSL protocol versions (Peter Eisentraut)
The server settings are ssl_min_protocol_version and ssl_max_protocol_version.
ssl_min_protocol_version (enum)
Sets the minimum SSL/TLS protocol version to use. Valid values are currently: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3. Older versions of the OpenSSL library do not support all values; an error will be raised if an unsupported setting is chosen. Protocol versions before TLS 1.0, namely SSL version 2 and 3, are always disabled.
The default is TLSv1, mainly to support older versions of the OpenSSL library. You might want to set this to a higher value if all software components can support the newer protocol versions.
ssl_max_protocol_version (enum)
Sets the maximum SSL/TLS protocol version to use. Valid values are as for ssl_min_protocol_version, with addition of an empty string, which allows any protocol version. The default is to allow any version. Setting the maximum protocol version is mainly useful for testing or if some component has issues working with a newer protocol.
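Added example, not from the original post or the PostgreSQL project: a small audit helper that reads postgresql.conf text and returns the protocol versions the two parameters leave enabled, using the valid values and defaults quoted above. The function name, the simplified line parser and the sample configuration are assumptions made for illustration.

```python
import re

# Valid values listed in the documentation excerpt above, oldest first.
VERSIONS = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
CANON = {v.lower(): v for v in VERSIONS}
# Defaults from the excerpt: minimum TLSv1, maximum '' (any version).
DEFAULTS = {"ssl_min_protocol_version": "TLSv1", "ssl_max_protocol_version": ""}

# Simplified postgresql.conf line: name, optional '=', quoted or bare value,
# optional trailing comment. Include directives and escaped quotes are ignored.
SETTING = re.compile(
    r"^\s*(ssl_(?:min|max)_protocol_version)(?:\s*=\s*|\s+)"
    r"(?:'([^']*)'|([^\s#']+))\s*(?:#.*)?$",
    re.IGNORECASE,
)

def effective_range(conf_text):
    """Return the protocol versions permitted by the min/max settings."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = SETTING.match(line)
        if m:  # a later occurrence of the same parameter overrides earlier ones
            value = m.group(2) if m.group(2) is not None else m.group(3)
            settings[m.group(1).lower()] = value
    lo = CANON.get(settings["ssl_min_protocol_version"].lower())
    hi_raw = settings["ssl_max_protocol_version"]
    # An empty maximum means "any version", so the ceiling is the newest one.
    hi = CANON.get(hi_raw.lower()) if hi_raw else VERSIONS[-1]
    if lo is None or hi is None:
        raise ValueError("unrecognised protocol version in configuration")
    if VERSIONS.index(lo) > VERSIONS.index(hi):
        raise ValueError(f"minimum {lo} is above maximum {hi}: no version left")
    return VERSIONS[VERSIONS.index(lo):VERSIONS.index(hi) + 1]

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """
ssl = on
#ssl_min_protocol_version = 'TLSv1'
ssl_min_protocol_version = 'TLSv1.2'   # raise the floor above the default
ssl_max_protocol_version = ''
"""

if __name__ == "__main__":
    print(effective_range(SAMPLE_CONF))
```

Running it over a deployment's configuration shows at a glance whether the default TLSv1 floor is still in effect.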
References
https://www.postgresql.org/docs/12/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SSL