Re: Add support to TLS 1.3 cipher suites and curves lists

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Peter Eisentraut <peter(at)eisentraut(dot)org>
Cc: Erica Zhang <ericazhangy2021(at)qq(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Add support to TLS 1.3 cipher suites and curves lists
Date: 2024-07-12 20:03:33
Message-ID: 9DE8B790-D3F7-4AC9-B648-3E2F49974B60@yesql.se
Lists: pgsql-hackers

> On 11 Jul 2024, at 23:16, Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:

> It would be worth checking the discussion at <https://www.postgresql.org/message-id/flat/79692bf9-17d3-41e6-b9c9-fc8c3944222a(at)eisentraut(dot)org> about strtok()/strtok_r() issues. First, for list parsing, it sometimes gives the wrong semantics, which I think might apply here. Maybe it's worth comparing this with the semantics that OpenSSL provides natively. And second, strtok_r() is not available on Windows without the workaround provided in that thread.
>
> I'm doubtful that it's worth replicating all this list parsing logic instead of just letting OpenSSL do it. This is a very marginal feature after all.

The original author added the string parsing in order to provide a good error
message in case of an error in the list, and since that seemed like a nice idea
I kept it in my review revision. With what you said above, I agree it's not worth
the extra complexity it brings, so the attached revision removes it.

--
Daniel Gustafsson

Attachment                                   Content-Type              Size
v4-0001-Support-multiple-ECDH-curves.patch   application/octet-stream  3.2 KB
v4-0002-Support-TLSv1.3-cipher-suites.patch  application/octet-stream  7.8 KB
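
One strtok() behaviour relevant to the list-parsing concern quoted above, as an added example that is not part of the original message or the attached patches: strtok() collapses runs of delimiters, so an empty element in a colon-separated list disappears without an error, while a strict splitter can count and report it. The function names and the sample lists are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* strtok(): runs of delimiters collapse, so empty elements vanish
 * silently. Returns the token count, or -1 if the list is too long. */
static int count_with_strtok(const char *list, const char *delim)
{
    char buf[128];
    int n = 0;
    if (strlen(list) >= sizeof(buf))
        return -1;
    strcpy(buf, list);              /* strtok() writes into its input */
    for (char *t = strtok(buf, delim); t != NULL; t = strtok(NULL, delim))
        n++;
    return n;
}

/* Strict split: every delimiter ends an element, so empty elements are
 * counted (via *empty) and can be reported. Returns the element count. */
static int count_strict(const char *list, char delim, int *empty)
{
    const char *start = list;
    int n = 0;
    *empty = 0;
    for (;;) {
        const char *end = strchr(start, delim);
        size_t len = end ? (size_t) (end - start) : strlen(start);
        n++;
        if (len == 0)
            (*empty)++;
        if (end == NULL)
            return n;
        start = end + 1;
    }
}

int main(void)
{
    /* Constructed sample lists, not taken from the patches. */
    const char *samples[] = {"prime256v1:secp384r1", "prime256v1::secp384r1", ":prime256v1:", ""};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int empty;
        int strict = count_strict(samples[i], ':', &empty);
        printf("\"%s\": strtok=%d strict=%d empty=%d\n", samples[i],
               count_with_strtok(samples[i], ":"), strict, empty);
    }
    return 0;
}
```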
