Re: ecdh support causes unnecessary roundtrips

Andres Freund <andres@anarazel.de>

From: Andres Freund <andres@anarazel.de>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Marko Kreen <markokr@gmail.com>, Adrian Klaver <adrian.klaver@gmail.com>, Peter Eisentraut <peter_e@gmx.net>, Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2025-03-18T15:07:14Z
Lists: pgsql-hackers
Hi,

On 2025-03-18 10:45:41 +0100, Daniel Gustafsson wrote:
> Thanks for doing that, I'll try to get this in during a break in todays conference.

Thanks to both of you for fixing this!


I wonder how we could make it easier to find stuff like this and 274bbced853,
it's pretty painful right now. The SSLKEYLOGFILE stuff being discussed would
help, but would still require somebody breaking out wireshark or such.
Perhaps some added trace messages or such?

Greetings,

Andres



Commits

  1. doc: Add note to ssl_group config on X25519 and FIPS

  2. Avoid using the X25519 curve in ssl tests

  3. Add X25519 to the default set of curves

  4. SSL: Support ECDH key exchange