Support configuring TLSv1.3 cipher suites
author Daniel Gustafsson
Thu, 24 Oct 2024 13:20:32 +0000 (15:20 +0200)
committer Daniel Gustafsson
Thu, 24 Oct 2024 13:20:32 +0000 (15:20 +0200)
commit 45188c2ea2391b7b24039e1632c726e2fc6b8008
tree e85052c98e0775dd4932789e0fe603909a36bccf
parent 3d1ef3a15c3eb68dae44b94e89d04c422b26fc16
Support configuring TLSv1.3 cipher suites

The ssl_ciphers GUC can only set cipher suites for TLSv1.2, and lower,
connections. For TLSv1.3 connections a different OpenSSL API must be
used.  This adds a new GUC, ssl_tls13_ciphers, which can be used to
configure a colon separated list of cipher suites to support when
performing a TLSv1.3 handshake.

Original patch by Erica Zhang with additional hacking by me.

Author: Erica Zhang 
Author: Daniel Gustafsson 
Reviewed-by: Jacob Champion
Reviewed-by: Andres Freund
Reviewed-by: Peter Eisentraut
Reviewed-by: Jelte Fennema-Nio
Discussion: https://postgr.es/m/[email protected]
doc/src/sgml/config.sgml
src/backend/libpq/be-secure-openssl.c
src/backend/libpq/be-secure.c
src/backend/utils/misc/guc_tables.c
src/backend/utils/misc/postgresql.conf.sample
src/include/libpq/libpq.h
src/test/ssl/t/SSL/Server.pm
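
The limitation the commit message describes can be observed directly against OpenSSL. This is an added example, not code from the PostgreSQL tree: it uses Python's `ssl` module, whose `SSLContext.set_ciphers()` drives the same legacy cipher-list API, and it assumes a Python build linked against an OpenSSL with TLSv1.3 support. The cipher string and allow-list are constructed for illustration.

```python
import ssl


def split_by_protocol(ctx):
    """Return (tls13_names, legacy_names) currently enabled on ctx."""
    tls13, legacy = [], []
    for cipher in ctx.get_ciphers():
        bucket = tls13 if cipher["protocol"] == "TLSv1.3" else legacy
        bucket.append(cipher["name"])
    return tls13, legacy


def probe(legacy_cipher_string):
    """Apply an ssl_ciphers-style string and report what is enabled
    before and after, split into TLSv1.3 and TLSv1.2-and-lower suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before = split_by_protocol(ctx)
    # Legacy list API: only TLSv1.2-and-lower suites are affected.
    ctx.set_ciphers(legacy_cipher_string)
    after = split_by_protocol(ctx)
    return before, after


def unexpected_tls13(legacy_cipher_string, allowed_tls13):
    """TLSv1.3 suites still enabled after applying the legacy string
    that are not on the operator's intended allow-list."""
    _, (tls13_after, _) = probe(legacy_cipher_string)
    return sorted(set(tls13_after) - set(allowed_tls13))


if __name__ == "__main__":
    # Constructed policy: the operator wants AES-256-GCM only.
    legacy_string = "ECDHE+AESGCM+AES256"
    intended_tls13 = ["TLS_AES_256_GCM_SHA384"]

    (t13_before, _), (t13_after, legacy_after) = probe(legacy_string)
    print("TLSv1.2 and lower after:", legacy_after)
    print("TLSv1.3 before:", t13_before)
    print("TLSv1.3 after: ", t13_after)
    print("still enabled, not intended:",
          unexpected_tls13(legacy_string, intended_tls13))
```

The TLSv1.3 list is the same before and after, which is the gap a separate setting such as `ssl_tls13_ciphers` closes on the server side.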