Re: ecdh support causes unnecessary roundtrips

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andres Freund <andres(at)anarazel(dot)de>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Marko Kreen <markokr(at)gmail(dot)com>, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Subject: Re: ecdh support causes unnecessary roundtrips
Date: 2026-02-09 19:56:13
Message-ID: 6C3954E3-A927-41CC-8DD4-537CEA4E647B@yesql.se
Lists: pgsql-hackers

> On 9 Feb 2026, at 20:41, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> On 18 Mar 2025, at 16:07, Andres Freund <andres(at)anarazel(dot)de> wrote:
>>> Thanks to both of you for fixing this!
>
>> No worries, this has now been committed. Whether or not we can do anything for
>> backbranches is another discussion.
>
> I happened to discover that daa02c6bd causes us to fail on FIPS-mode
> platforms, because X25519 is not a permitted ECDH curve under FIPS.

Ugh, seems I missed testing this with a FIPS-enabled setup..

> SSL connection attempts fail with
>
> 2026-02-09 14:29:05.214 EST postmaster[118237] FATAL: could not set group names specified in ssl_groups: passed invalid argument
> 2026-02-09 14:29:05.214 EST postmaster[118237] HINT: Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL.
>
> (This is with OpenSSL 3.0.9 on Fedora 38.)
>
> The reason this eluded detection by the buildfarm is that
> (a) our animals that run on FIPS-mode platforms aren't using
> --enable-tap-tests, and (b) ssl_groups is not validated in any way
> until we try to load it into an SSL context, ie at the moment of
> actually receiving an SSL connection.
>
> I don't object to X25519 being in the default setting, given that it
> seems to be widely used. But I think we had better (1) document that
> you need to remove it if you want to run under FIPS, and (2) fix our
> SSL-using regression tests to not use it. I wonder also if we could
> find a way to validate the ssl_groups setting in a check_hook.

Maybe we can create a lightweight throw-away context in a check hook and ensure
the settings work? Are you hacking on it or do you want me to pick it up?

--
Daniel Gustafsson
