Re: ecdh support causes unnecessary roundtrips

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Andres Freund <andres@anarazel.de>, Jacob Champion <jacob.champion@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Marko Kreen <markokr@gmail.com>, Adrian Klaver <adrian.klaver@gmail.com>, Peter Eisentraut <peter_e@gmx.net>, Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2026-02-09T19:41:33Z
Lists: pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
> On 18 Mar 2025, at 16:07, Andres Freund <andres@anarazel.de> wrote:
>> Thanks to both of you for fixing this!

> No worries, this has now been committed.  Whether or not we can do anything for
> backbranches is another discussion.

I happened to discover that daa02c6bd causes us to fail on FIPS-mode
platforms, because X25519 is not a permitted ECDH curve under FIPS.
SSL connection attempts fail with

2026-02-09 14:29:05.214 EST postmaster[118237] FATAL:  could not set group names specified in ssl_groups: passed invalid argument
2026-02-09 14:29:05.214 EST postmaster[118237] HINT:  Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL.

(This is with OpenSSL 3.0.9 on Fedora 38.)

The reason this eluded detection by the buildfarm is that
(a) our animals that run on FIPS-mode platforms aren't using
--enable-tap-tests, and (b) ssl_groups is not validated in any way
until we try to load it into an SSL context, ie at the moment of
actually receiving an SSL connection.

I don't object to X25519 being in the default setting, given that it
seems to be widely used.  But I think we had better (1) document that
you need to remove it if you want to run under FIPS, and (2) fix our
SSL-using regression tests to not use it.  I wonder also if we could
find a way to validate the ssl_groups setting in a check_hook.

			regards, tom lane



Commits

  1. doc: Add note to ssl_group config on X25519 and FIPS

  2. Avoid using the X25519 curve in ssl tests

  3. Add X25519 to the default set of curves

  4. SSL: Support ECDH key exchange