git.postgresql.org Git - postgresql.git/commitdiff

(parent: 028f0c3)
doc: Document that ssl_ciphers does not affect TLS 1.3
Thu, 23 Jul 2020 15:13:00 +0000 (17:13 +0200)
Thu, 23 Jul 2020 18:38:45 +0000 (20:38 +0200)
TLS 1.3 uses a different way of specifying ciphers and a different
OpenSSL API. PostgreSQL currently does not support setting those
ciphers. For now, just document this. In the future, support for
this might be added somehow.

Reviewed-by: Jonathan S. Katz <jkatz@postgresql.org>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 44e830aa083b11a3688ee89cb884f2ffac684ae0..f569aa2015469f18d713f36dbbceb9cb5f5e7111 100644 (file)
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1178,16 +1178,22 @@ include_dir 'conf.d'
</term>
<listitem>
<para>
- Specifies a list of <acronym>SSL</acronym> cipher suites that are allowed to be
- used on secure connections. See
- the <citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry> manual page
- in the <application>OpenSSL</application> package for the syntax of this setting
- and a list of supported values.
- This parameter can only be set in the <filename>postgresql.conf</filename>
- file or on the server command line.
- The default value is <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>. The
- default is usually a reasonable choice unless you have specific
- security requirements.
+ Specifies a list of <acronym>SSL</acronym> cipher suites that are
+ allowed to be used by SSL connections. See the
+ <citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry>
+ manual page in the <application>OpenSSL</application> package for the
+ syntax of this setting and a list of supported values. Only
+ connections using TLS version 1.2 and lower are affected. There is
+ currently no setting that controls the cipher choices used by TLS
+ version 1.3 connections. The default value is
+ <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>. The default is usually a
+ reasonable choice unless you have specific security requirements.
+ </para>
+
+ <para>
+ This parameter can only be set in the
+ <filename>postgresql.conf</filename> file or on the server command
+ line.
</para>
<para>
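Review bot: The TLS 1.3 caveat is placed mid-paragraph, directly before "The default value is <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>", so the default and the closing "reasonable choice unless you have specific security requirements" sentence can be read as also covering TLS 1.3 connections. An administrator who tightens ssl_ciphers for exactly those security requirements needs to see that the restriction stops at TLS 1.2. I would move the default-value sentences up, ahead of "Only connections using TLS version 1.2 and lower are affected", and give the two TLS 1.3 sentences their own <para>, the same way the postgresql.conf sentence was split out in this hunk. It would also help to say what does determine the cipher choice for TLS 1.3 connections, since the text only says that no setting controls it. Minor: the first sentence still says "SSL cipher suites" and "SSL connections" while the new sentences say "TLS version 1.2" and "TLS version 1.3"; one consistent term in this paragraph would avoid the impression that these are different kinds of connection.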
This is the main PostgreSQL git repository.