It does not need to be the same curve used by the server's Elliptic
Curve key. This parameter can only be set in the
<filename>postgresql.conf</filename> file or on the server command line.
- The default is <literal>prime256v1</literal>.
+ The default is <literal>X25519:prime256v1</literal>.
</para>
<para>
},
&SSLECDHCurve,
#ifdef USE_SSL
- "prime256v1",
+ "X25519:prime256v1",
#else
"none",
#endif
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed TLSv1.2 ciphers
#ssl_tls13_ciphers = '' # allowed TLSv1.3 cipher suites, blank for default
#ssl_prefer_server_ciphers = on
-#ssl_groups = 'prime256v1'
+#ssl_groups = 'X25519:prime256v1'
#ssl_min_protocol_version = 'TLSv1.2'
#ssl_max_protocol_version = ''
#ssl_dh_params_file = ''
$node->append_conf('sslconfig.conf', "ssl=on");
$node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
# use lists of ECDH curves and cipher suites for syntax testing
- $node->append_conf('sslconfig.conf', 'ssl_groups=prime256v1:secp521r1');
+ $node->append_conf('sslconfig.conf', 'ssl_groups=X25519:prime256v1:secp521r1');
$node->append_conf('sslconfig.conf',
'ssl_tls13_ciphers=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256');
projects / postgresql.git / commitdiff