Re: Add support to TLS 1.3 cipher suites and curves lists

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Erica Zhang <ericazhangy2021@qq.com>, Andres Freund <andres@anarazel.de>, Jelte Fennema-Nio <postgres@jeltef.nl>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-10-15T10:42:39Z
Lists: pgsql-hackers
> On 14 Oct 2024, at 15:08, Peter Eisentraut <peter@eisentraut.org> wrote:
> 
> On 26.09.24 11:01, Daniel Gustafsson wrote:
>> Attached is a v7 which address a test failure in the CI.  It turns out that the
>> test_misc module gather GUC names using the :alpha: character class which only
>> allows alphabetic whereas GUC names can have digits in them.  The 0001 patch
>> fixes this by instead using the :alnum: character class which allows all
>> alphanumeric characters.  This is not directly related to this patch, it just
>> happened to be exposed by it.
> 
> If we are raising the minimum version to OpenSSL 1.1.1, couldn't we then remove the version check introduced by commit c3333dbc0c0 ("Only perform pg_strong_random init when required")?

That's a very good point, I've done this in the v8 attached just upthread.

> FWIW, these patches generally look okay to me.  I haven't done much in-depth checking, but overall everything looks sensible.  I think Jacob already provided more in-depth reviews, but let me know if you need anything else on this.

Thanks!  I think the v8 posted todays is about ready to go in and unless there
are objections I'll go ahead with it shortly.

--
Daniel Gustafsson




Commits

  1. Handle alphanumeric characters in matching GUC names

  2. Only perform pg_strong_random init when required