Re: ecdh support causes unnecessary roundtrips
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Andres Freund <andres@anarazel.de>,
Jacob Champion <jacob.champion@enterprisedb.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Marko Kreen <markokr@gmail.com>,
Adrian Klaver <adrian.klaver@gmail.com>,
Peter Eisentraut <peter_e@gmx.net>,
Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2026-02-20T19:17:42Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes: > On 20 Feb 2026, at 17:07, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> I'd rather test the normal configuration >> normally and make people who want to run the test on a FIPS platform >> do something different. > How about a function in Cluster.pm which returns whether the underlying OpenSSL > is using FIPS or not, and if it does we adjust the config to make it not fail > on an unallowed group? That way we can have a CI job that runs with FIPS and > the adjusted test config, and the rest - along with the Buildfarm - runs the > default config. If we can get that information easily, then sure. BTW, I think we should be back-patching these fixes into v18, since the testing hazard exists there too. But maybe wait till after the re-release is finished. regards, tom lane
Commits
-
doc: Add note to ssl_group config on X25519 and FIPS
- db93988ab0e7 19 (unreleased) landed
-
Avoid using the X25519 curve in ssl tests
- 07e90c691358 19 (unreleased) landed
-
Add X25519 to the default set of curves
- daa02c6bd926 18.0 landed
-
SSL: Support ECDH key exchange
- 3164721462d5 9.4.0 cited