-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.399 2007/12/29 03:44:34 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.400 2007/12/29 04:27:02 momjian Exp $ -->
<chapter Id="runtime">
<title>Operating System Environment</title>
ciphers can be specified in the <productname>OpenSSL</productname>
configuration file, you can specify ciphers specifically for use by
the database server by modifying <xref linkend="guc-ssl-ciphers"> in
- <filename>postgresql .conf</>. It is possible to have authentication
- without the overhead of encryption by using <literal>NULL-SHA</> or
- <literal>NULL-MD5</> ciphers. However, a man-in-the-middle could read
- and pass communications between client and server.
+ <filename>postgresql .conf</>.
</para>
+ <note>
+ <para>
+ It is possible to have authentication without encryption overhead by
+ using <literal>NULL-SHA</> or <literal>NULL-MD5</> ciphers. However,
+ a man-in-the-middle could read and pass communications between client
+ and server. Also, encryption overhead is minimal compared to the
+ overhead of authentication. For these reasons NULL ciphers are not
+ recommended.
+ </para>
+ </note>
+
<para>
To start in <acronym>SSL</> mode, the files <filename>server.crt</>
and <filename>server.key</> must exist in the server's data directory.
projects / postgresql / commitdiff