Removing broken support for OpenSSL without ECDH

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>
Date: 2026-05-22T18:01:55Z
Lists: pgsql-hackers

Attachments

Commit 316472146 introduced support for ECDH key exchange in 2013, honoring the
OPENSSL_NO_ECDH macro for checking it OpenSSL supports ECDH.  A few years later
in 2015 OpenSSL removed the macro OPENSSL_NO_ECDH by merging OPENSSL_NO_ECDH
and OPENSSL_NO_ECDSA into a single OPENSSL_NO_EC macro in commit 10bf4fc2c [0].
PostgreSQL never got the memo though, so our check has been defunct ever since.

That being said, using OpenSSL without ECDH support sounds like an anti-feature
and not something we want to re-introduce support for, so I propose just
removing our useless guards as per the attached.  There is clearly no need for
backpatching, but I propose applying to master as it cleans up the code.

Also, scanning the archives I was unable to find anyone complaining about this
not working (which came to no surprise).

--
Daniel Gustafsson

[0] https://github.com/openssl/openssl/commit/10bf4fc2c