Thread

  1. Removing broken support for OpenSSL without ECDH

    Daniel Gustafsson <daniel@yesql.se> — 2026-05-22T18:01:55Z

    Commit 316472146 introduced support for ECDH key exchange in 2013, honoring the
    OPENSSL_NO_ECDH macro for checking if OpenSSL supports ECDH.  A few years later
    in 2015 OpenSSL removed the macro OPENSSL_NO_ECDH by merging OPENSSL_NO_ECDH
    and OPENSSL_NO_ECDSA into a single OPENSSL_NO_EC macro in commit 10bf4fc2c [0].
    PostgreSQL never got the memo though, so our check has been defunct ever since.
    
    That being said, using OpenSSL without ECDH support sounds like an anti-feature
    and not something we want to re-introduce support for, so I propose just
    removing our useless guards as per the attached.  There is clearly no need for
    backpatching, but I propose applying to master as it cleans up the code.
    
    Also, scanning the archives I was unable to find anyone complaining about this
    not working (which came as no surprise).
    
    --
    Daniel Gustafsson
    
    [0] https://github.com/openssl/openssl/commit/10bf4fc2c