| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Subject: | Removing broken support for OpenSSL without ECDH |
| Date: | 2026-05-22 18:01:55 |
| Message-ID: | 1787BA9F-A11C-4A7A-9252-94C470D5CBE3@yesql.se |
| Lists: | pgsql-hackers |
Commit 316472146 introduced support for ECDH key exchange in 2013, honoring the
OPENSSL_NO_ECDH macro for checking if OpenSSL supports ECDH. A few years later
in 2015 OpenSSL removed the macro OPENSSL_NO_ECDH by merging OPENSSL_NO_ECDH
and OPENSSL_NO_ECDSA into a single OPENSSL_NO_EC macro in commit 10bf4fc2c [0].
PostgreSQL never got the memo though, so our check has been defunct ever since.

That being said, using OpenSSL without ECDH support sounds like an anti-feature
and not something we want to re-introduce support for, so I propose just
removing our useless guards as per the attached. There is clearly no need for
backpatching, but I propose applying to master as it cleans up the code.

Also, scanning the archives I was unable to find anyone complaining about this
not working (which came as no surprise).

--
Daniel Gustafsson
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Remove-incorrect-OpenSSL-feature-guards.patch | application/octet-stream | 2.3 KB |