postgresql

21st chunk of `doc/src/sgml/config.sgml`
        Multiple cipher suites can be
        specified by using a colon-separated list. If left blank, the default
        set of cipher suites in <productname>OpenSSL</productname> will be used.
       </para>

       <para>
        This parameter can only be set in the
        <filename>postgresql.conf</filename> file or on the server command
        line.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers">
      <term><varname>ssl_ciphers</varname> (<type>string</type>)
      <indexterm>
       <primary><varname>ssl_ciphers</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        Specifies a list of <acronym>SSL</acronym> ciphers that are allowed by
        connections using TLS version 1.2 and lower; see
        <xref linkend="guc-ssl-tls13-ciphers"/> for TLS version 1.3 connections. See
        the <citerefentry><refentrytitle>ciphers</refentrytitle></citerefentry>
        manual page in the <productname>OpenSSL</productname> package for the
        syntax of this setting and a list of supported values.  The default value
        is <literal>HIGH:MEDIUM:+3DES:!aNULL</literal>.  The default is usually a
        reasonable choice unless you have specific security requirements.
       </para>

       <para>
        This parameter can only be set in the
        <filename>postgresql.conf</filename> file or on the server command
        line.
       </para>

       <para>
        Explanation of the default value:
        <variablelist>
         <varlistentry id="guc-ssl-ciphers-high">
          <term><literal>HIGH</literal></term>
          <listitem>
           <para>
            Cipher suites that use ciphers from the <literal>HIGH</literal> group (e.g.,
            AES, Camellia, 3DES)
           </para>
          </listitem>
         </varlistentry>

         <varlistentry id="guc-ssl-ciphers-medium">
          <term><literal>MEDIUM</literal></term>
          <listitem>
           <para>
            Cipher suites that use ciphers from the <literal>MEDIUM</literal> group
            (e.g., RC4, SEED)
           </para>
          </listitem>
         </varlistentry>

         <varlistentry id="guc-ssl-ciphers-plus-3des">
          <term><literal>+3DES</literal></term>
          <listitem>
           <para>
            The <productname>OpenSSL</productname> default order for
            <literal>HIGH</literal> is problematic because it orders 3DES
            higher than AES128.  This is wrong because 3DES offers less
            security than AES128, and it is also much slower.
            <literal>+3DES</literal> reorders it after all other
            <literal>HIGH</literal> and <literal>MEDIUM</literal> ciphers.
           </para>
          </listitem>
         </varlistentry>

         <varlistentry id="guc-ssl-ciphers-not-anull">
          <term><literal>!aNULL</literal></term>
          <listitem>
           <para>
            Disables anonymous cipher suites, which perform no authentication.  Such
            cipher suites are vulnerable to <acronym>MITM</acronym> attacks and
            therefore should not be used.
           </para>
          </listitem>
         </varlistentry>
        </variablelist>
       </para>

       <para>
        Available cipher suite details will vary across
        <productname>OpenSSL</productname> versions.  Use the command
        <literal>openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL'</literal> to
        see actual details for the currently installed
        <productname>OpenSSL</productname> version.  Note that this list is
        filtered at run time based on the server key type.
       </para>
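The following is an added check, not part of the PostgreSQL documentation or source tree. It expands the default value through Python's ssl module, which links the installed OpenSSL just as the <literal>openssl ciphers -v</literal> command above does, and verifies the three properties described: TLS 1.3 suites are outside the scope of this setting, no anonymous suite survives <literal>!aNULL</literal>, and <literal>+3DES</literal> has moved every 3DES suite behind all other suites.

```python
import ssl
from typing import Dict, List

PG_DEFAULT = "HIGH:MEDIUM:+3DES:!aNULL"  # the documented default value


def expand_cipher_string(cipher_string: str) -> List[Dict]:
    """Cipher suites OpenSSL selects for cipher_string, TLS <= 1.2 only.

    TLS 1.3 suites are governed by ssl_tls13_ciphers and are present in
    every context regardless of this string, so they are dropped here.
    No server certificate is loaded, so, like `openssl ciphers -v`, the
    list is not yet filtered by server key type.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError on an invalid string
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def is_anonymous(cipher: Dict) -> bool:
    """True for suites with no peer authentication (OpenSSL's aNULL group)."""
    return cipher.get("auth") == "auth-null" or "Au=None" in cipher["description"]


def is_3des(cipher: Dict) -> bool:
    """True for suites whose bulk cipher is triple DES."""
    return cipher.get("symmetric") == "des-ede3-cbc" or "DES-CBC3" in cipher["name"]


def audit_cipher_string(cipher_string: str) -> Dict:
    """Check the properties the documentation attributes to the default."""
    suites = expand_cipher_string(cipher_string)
    idx_3des = [i for i, c in enumerate(suites) if is_3des(c)]
    idx_other = [i for i, c in enumerate(suites) if not is_3des(c)]
    return {
        "count": len(suites),
        # !aNULL: no anonymous suite may survive in the selected list
        "anonymous_suites": [c["name"] for c in suites if is_anonymous(c)],
        # +3DES: every 3DES suite must sit after the last non-3DES suite
        "three_des_last": not idx_3des or not idx_other
                          or min(idx_3des) > max(idx_other),
        "order": [c["name"] for c in suites],
    }


if __name__ == "__main__":
    report = audit_cipher_string(PG_DEFAULT)
    print(f"{report['count']} TLS<=1.2 suites; anonymous: "
          f"{report['anonymous_suites']}; 3DES last: {report['three_des_last']}")
    for name in report["order"]:
        print(" ", name)
```

Whether any 3DES or SEED suites appear at all depends on the installed OpenSSL version and its security level, which is exactly the version dependence the paragraph above describes.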
      </listitem>
     </varlistentry>

     <varlistentry id="guc-ssl-prefer-server-ciphers" xreflabel="ssl_prefer_server_ciphers">
      <term><varname>ssl_prefer_server_ciphers</varname> (<type>boolean</type>)
      <indexterm>
       <primary><varname>ssl_prefer_server_ciphers</varname>
