Re: Add support to TLS 1.3 cipher suites and curves lists

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Nathan Bossart <nathandbossart@gmail.com>, Peter Eisentraut <peter@eisentraut.org>, Erica Zhang <ericazhangy2021@qq.com>, Andres Freund <andres@anarazel.de>, Jelte Fennema-Nio <postgres@jeltef.nl>, "Jonathan S. Katz" <jkatz@postgresql.org>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-12-11T18:14:46Z
Lists: pgsql-hackers
> On 11 Dec 2024, at 18:47, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Oh yay, another naming problem :-(.  I think that neither "ciphers"
> vs. "cipher suites" nor "ssl_ciphers" vs. "ssl_ciphers_tlsv13" is
> going to convey a lot to the average person who's not steeped in
> TLS minutiae.  However, following the precedent of Apache and Curl
> seems like a good answer --- that will ensure that at least some
> part of the internet-using world has seen this before.  So I guess
> I'm +0.5 for the ssl_ciphers_tlsv13 answer, at least out of the
> choices suggested so far.

The subset of users who are likely to be interested in this setting would
probably be more confused if we didn't follow the precedent from other
well-known projects.

--
Daniel Gustafsson




Commits

  1. Handle alphanumeric characters in matching GUC names

  2. Only perform pg_strong_random init when required