Re: SSL Ciphers (was Chipers)
From: Gerard H. Pille <ghp_at_skynet.be>
Date: Sat, 29 Oct 2011 13:58:15 +0200
Message-ID: <4EABEA57.5080802_at_skynet.be>
jkells wrote:
>
> I'm sure that this is not the group to inquire about ciphers being
> greater then 256 for PostgreSQL but if anyone can provide me with any
> information about PostgreSQL support for chipers and how to use chipers
> greater then 256 (I.e. 1024) I would greatly appreciate it.
> I have two Ubuntu servers running PostgreSQL and when I setup SSL I was
> surprised to see it only at 256. Looking at openssl chipers the largest
> one was 256.
>
> psql (9.0.4)
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> Type "help" for help.
>
> openssl ciphers -v 'AES+HIGH'
> ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
>
> Isn't 256 considered weak now a days?
> Thanks
Date: Sat, 29 Oct 2011 13:58:15 +0200
Message-ID: <4EABEA57.5080802_at_skynet.be>
jkells wrote:
>
> I'm sure that this is not the group to inquire about ciphers being
> greater then 256 for PostgreSQL but if anyone can provide me with any
> information about PostgreSQL support for chipers and how to use chipers
> greater then 256 (I.e. 1024) I would greatly appreciate it.
> I have two Ubuntu servers running PostgreSQL and when I setup SSL I was
> surprised to see it only at 256. Looking at openssl chipers the largest
> one was 256.
>
> psql (9.0.4)
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> Type "help" for help.
>
> openssl ciphers -v 'AES+HIGH'
> ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
>
> Isn't 256 considered weak now a days?
> Thanks
Maybe you could Google for "ciphers" iso "chipers" and have better results.
First hit for "openssl ciphers"
# default 512-bit key, sent to standard output openssl genrsa
# 1024-bit key, saved to file named mykey.pem openssl genrsa -out mykey.pem 1024
# same as above, but encrypted with a passphrase openssl genrsa -des3 -out mykey.pem 1024 Received on Sat Oct 29 2011 - 06:58:15 CDT