projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6c66b74) | patch
Support configuring multiple ECDH curves
authorDaniel Gustafsson <[email protected]>
Thu, 24 Oct 2024 13:20:28 +0000 (15:20 +0200)
committerDaniel Gustafsson <[email protected]>
Thu, 24 Oct 2024 13:20:28 +0000 (15:20 +0200)
commit3d1ef3a15c3eb68dae44b94e89d04c422b26fc16
treea710673741765cd033447a36f5e06005fa3fdc38tree
parent6c66b7443cebf3ff09ea76416a20fb6bb1d32a52commit | diff
Support configuring multiple ECDH curves

The ssl_ecdh_curve GUC only accepts a single value, but the TLS
handshake can list multiple curves in the groups extension (the
extension has been renamed to contain more than elliptic curves).
This changes the GUC to accept a colon-separated list of curves.
This commit also renames the GUC to ssl_groups to match the new
nomenclature for the TLS extension.

Original patch by Erica Zhang with additional hacking by me.

Author: Erica Zhang <[email protected]>
Author: Daniel Gustafsson <[email protected]>
Reviewed-by: Jacob Champion <[email protected]>
Reviewed-by: Andres Freund <[email protected]>
Reviewed-by: Peter Eisentraut <[email protected]>
Reviewed-by: Jelte Fennema-Nio <[email protected]>
Discussion: https://postgr.es/m/[email protected]
doc/src/sgml/config.sgml diff | blob | blame | history
src/backend/libpq/be-secure-openssl.c diff | blob | blame | history
src/backend/utils/misc/guc.c diff | blob | blame | history
src/backend/utils/misc/guc_tables.c diff | blob | blame | history
src/backend/utils/misc/postgresql.conf.sample diff | blob | blame | history
src/test/ssl/t/001_ssltests.pl diff | blob | blame | history
src/test/ssl/t/SSL/Server.pm diff | blob | blame | history
This is the main PostgreSQL git repository.