Removing broken support for OpenSSL without ECDH
From: Daniel Gustafsson <daniel@yesql.se>
To: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>
Date: 2026-05-22T18:01:55Z
Lists: pgsql-hackers
Attachments
- 0001-Remove-incorrect-OpenSSL-feature-guards.patch (application/octet-stream)
Commit 316472146 introduced support for ECDH key exchange in 2013, honoring the OPENSSL_NO_ECDH macro for checking if OpenSSL supports ECDH. A few years later in 2015 OpenSSL removed the macro OPENSSL_NO_ECDH by merging OPENSSL_NO_ECDH and OPENSSL_NO_ECDSA into a single OPENSSL_NO_EC macro in commit 10bf4fc2c [0]. PostgreSQL never got the memo though, so our check has been defunct ever since.

That being said, using OpenSSL without ECDH support sounds like an anti-feature and not something we want to re-introduce support for, so I propose just removing our useless guards as per the attached.

There is clearly no need for backpatching, but I propose applying to master as it cleans up the code. Also, scanning the archives I was unable to find anyone complaining about this not working (which came as no surprise).

--
Daniel Gustafsson

[0] https://github.com/openssl/openssl/commit/10bf4fc2c
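Added example, not part of the original message or of the attached patch: a small checker for the failure mode described above, where application code keeps testing an `OPENSSL_NO_*` macro that the OpenSSL headers no longer know about, so an `#ifndef` guard on it is always true. The function names and both sample inputs are constructed for illustration; in practice the second argument would be the concatenated text of the OpenSSL include directory being built against.

```python
import re

# A preprocessor conditional line: #if, #ifdef, #ifndef or #elif.
GUARD_LINE = re.compile(r'^\s*#\s*(?:ifdef|ifndef|if|elif)\b(.*)$')
# OpenSSL's convention for "feature compiled out" macros.
MACRO = re.compile(r'\bOPENSSL_NO_[A-Z0-9_]+\b')


def guard_macros(source):
    """Return {macro: [line numbers]} for OPENSSL_NO_* macros tested in conditionals."""
    found = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        m = GUARD_LINE.match(line)
        if m:
            for name in MACRO.findall(m.group(1)):
                found.setdefault(name, []).append(lineno)
    return found


def stale_guards(app_source, openssl_headers):
    """Macros the application tests that the OpenSSL headers never mention.

    Such a macro can never be defined by OpenSSL's configuration, so the
    guard no longer reflects whether the feature is available.
    """
    known = set(MACRO.findall(openssl_headers))
    return {name: lines for name, lines in guard_macros(app_source).items()
            if name not in known}


# Constructed application source (hypothetical function names).
SAMPLE_APP = """\
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_ECDH
static int setup_ecdh(SSL_CTX *ctx);
#endif
#if defined(USE_TLS) && !defined(OPENSSL_NO_EC)
static int setup_curves(SSL_CTX *ctx);
#endif
"""

# Constructed stand-in for header text from a post-merge OpenSSL tree.
SAMPLE_HEADERS = """\
#ifndef OPENSSL_NO_EC
# define EC_SAMPLE_API 1
#endif
#ifndef OPENSSL_NO_DH
# define DH_SAMPLE_API 1
#endif
"""

if __name__ == "__main__":
    for name, lines in stale_guards(SAMPLE_APP, SAMPLE_HEADERS).items():
        print(f"{name}: tested on line(s) {lines}, unknown to OpenSSL headers")
```

The check is textual and does not follow backslash line continuations or macros defined by the application's own build system, so a hit is a prompt to review the guard rather than proof that it is dead.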