Hi,

On 5 March 2015 at 19:58, Christoph Berg <m...@debian.org> wrote:
>> That's an excellent thought.. I wasn't aware of this. Unfortunately,
>> I'm not sure that we could make it the default in Debian as it requires
>> server-side certificates be configured and used properly (correct?) but
>> I don't see a reason to not support it and encourage its use.

TLS-SRP verifies both client and server.

> We have the autogenerated snakeoil certificates that we use anyway.
> If these aren't good (why?), we could put more automation in there and
> generate proper certificates. That's probably more of a
> distribution-wide topic and not just PostgreSQL, though.

The snake-oil certificate could certainly be improved with a more useful
framework for creating and submitting CSRs and monitoring for
renewal/expiry. Certutil(?) from FreeIPA does this.

Regards,
Michael