Re: ecdh support causes unnecessary roundtrips
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andres Freund <andres@anarazel.de>,
Jacob Champion <jacob.champion@enterprisedb.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Marko Kreen <markokr@gmail.com>,
Adrian Klaver <adrian.klaver@gmail.com>,
Peter Eisentraut <peter_e@gmx.net>,
Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2026-02-09T19:56:13Z
Lists: pgsql-hackers
> On 9 Feb 2026, at 20:41, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Daniel Gustafsson <daniel@yesql.se> writes: >> On 18 Mar 2025, at 16:07, Andres Freund <andres@anarazel.de> wrote: >>> Thanks to both of you for fixing this! > >> No worries, this has now been committed. Whether or not we can do anything for >> backbranches is another discussion. > > I happened to discover that daa02c6bd causes us to fail on FIPS-mode > platforms, because X25519 is not a permitted ECDH curve under FIPS. Ugh, seems I missed testing this with a FIPS enabled setup.. > SSL connection attempts fail with > > 2026-02-09 14:29:05.214 EST postmaster[118237] FATAL: could not set group names specified in ssl_groups: passed invalid argument > 2026-02-09 14:29:05.214 EST postmaster[118237] HINT: Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL. > > (This is with OpenSSL 3.0.9 on Fedora 38.) > > The reason this eluded detection by the buildfarm is that > (a) our animals that run on FIPS-mode platforms aren't using > --enable-tap-tests, and (b) ssl_groups is not validated in any way > until we try to load it into an SSL context, ie at the moment of > actually receiving an SSL connection. > > I don't object to X25519 being in the default setting, given that it > seems to be widely used. But I think we had better (1) document that > you need to remove it if you want to run under FIPS, and (2) fix our > SSL-using regression tests to not use it. I wonder also if we could > find a way to validate the ssl_groups setting in a check_hook. Maybe we can create a lightweight throw-away context in a check hook and ensure the settings work? Are you hacking on it or do you want me to pick it up? -- Daniel Gustafsson
Commits
-
doc: Add note to ssl_group config on X25519 and FIPS
- db93988ab0e7 19 (unreleased) landed
-
Avoid using the X25519 curve in ssl tests
- 07e90c691358 19 (unreleased) landed
-
Add X25519 to the default set of curves
- daa02c6bd926 18.0 landed
-
SSL: Support ECDH key exchange
- 3164721462d5 9.4.0 cited