pgpool-II 4.2.3 Documentation | |||
---|---|---|---|
Prev | Up | Appendix A. Release Notes | Next |
Release Date: 2019-03-29
Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
Allow to set a client cipher list. (Tatsuo Ishii)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Fix unnecessary fsync()
to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync()
was issued to pgpool_status file, which could generate excessive I/O
in certain conditions.
So reduce the chance of issuing fsync()
so that it is issued only when
backend status is changed.
Discussion: [pgpool-general: 6436]