Re: ecdh support causes unnecessary roundtrips
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Andres Freund <andres@anarazel.de>
Cc: Daniel Gustafsson <daniel@yesql.se>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Marko Kreen <markokr@gmail.com>, Adrian Klaver <adrian.klaver@gmail.com>, Peter Eisentraut <peter_e@gmx.net>, Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2024-06-17T17:19:23Z
Lists: pgsql-hackers
On Mon, Jun 17, 2024 at 10:01 AM Andres Freund <andres@anarazel.de> wrote:
> On 2024-06-17 12:00:30 +0200, Daniel Gustafsson wrote:
> > To set the specified curve in ssl_ecdh_curve we have to don't we?
>
> Sure, but it's not obvious to me why we actually want to override openssl's
> defaults here. There's not even a parameter to opt out of forcing a specific
> choice on the server side.
I had exactly the same question in the context of the other thread, and found
https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/index.html
My initial takeaway was that our default is more restrictive than it
should be, but the OpenSSL default is more permissive than what they
recommend in practice, due to denial of service concerns:
> A general recommendation is to limit the groups to those that meet the
> required security level and that all the potential TLS clients support.
--Jacob
Commits
-
doc: Add note to ssl_group config on X25519 and FIPS
- db93988ab0e7 19 (unreleased) landed
-
Avoid using the X25519 curve in ssl tests
- 07e90c691358 19 (unreleased) landed
-
Add X25519 to the default set of curves
- daa02c6bd926 18.0 landed
-
SSL: Support ECDH key exchange
- 3164721462d5 9.4.0 cited