Re: ecdh support causes unnecessary roundtrips

From Tom Lane
Subject Re: ecdh support causes unnecessary roundtrips
Date
Msg-id 3521653.1770666093@sss.pgh.pa.us
In response to Re: ecdh support causes unnecessary roundtrips  (Daniel Gustafsson <daniel@yesql.se>)
Responses Re: ecdh support causes unnecessary roundtrips
List pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
> On 18 Mar 2025, at 16:07, Andres Freund <andres@anarazel.de> wrote:
>> Thanks to both of you for fixing this!

> No worries, this has now been committed.  Whether or not we can do anything for
> backbranches is another discussion.

I happened to discover that daa02c6bd causes us to fail on FIPS-mode
platforms, because X25519 is not a permitted ECDH curve under FIPS.
SSL connection attempts fail with

2026-02-09 14:29:05.214 EST postmaster[118237] FATAL:  could not set group names specified in ssl_groups: passed invalid argument
2026-02-09 14:29:05.214 EST postmaster[118237] HINT:  Ensure that each group name is spelled correctly and supported by the installed version of OpenSSL.

(This is with OpenSSL 3.0.9 on Fedora 38.)

The reason this eluded detection by the buildfarm is that
(a) our animals that run on FIPS-mode platforms aren't using
--enable-tap-tests, and (b) ssl_groups is not validated in any way
until we try to load it into an SSL context, ie at the moment of
actually receiving an SSL connection.

I don't object to X25519 being in the default setting, given that it
seems to be widely used.  But I think we had better (1) document that
you need to remove it if you want to run under FIPS, and (2) fix our
SSL-using regression tests to not use it.  I wonder also if we could
find a way to validate the ssl_groups setting in a check_hook.

            regards, tom lane
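
An operator-side preflight in the spirit of the validation idea raised in the message above, as an added example that is not part of the original message and not PostgreSQL code: it loads a candidate ssl_groups value into a throwaway SSL_CTX through ctypes and reports which members the local OpenSSL refuses, instead of waiting for the first SSL connection. It assumes a system libssl from OpenSSL 1.1.1 or 3.x; the function names are hypothetical and the sample group lists are constructed.

```python
import ctypes
import ctypes.util

# Value of SSL_CTRL_SET_GROUPS_LIST in OpenSSL's ssl.h; the C macro
# SSL_CTX_set1_groups_list(ctx, s) expands to SSL_CTX_ctrl(ctx, 92, 0, s).
SSL_CTRL_SET_GROUPS_LIST = 92


def _load_libssl():
    """Locate the system libssl (assumption: OpenSSL 1.1.1 or 3.x)."""
    names = [ctypes.util.find_library("ssl"), "libssl.so.3", "libssl.so.1.1"]
    for name in filter(None, names):
        try:
            lib = ctypes.CDLL(name)
        except OSError:
            continue
        # Declare pointer-sized types so handles are not truncated to int.
        lib.TLS_server_method.restype = ctypes.c_void_p
        lib.SSL_CTX_new.restype = ctypes.c_void_p
        lib.SSL_CTX_new.argtypes = [ctypes.c_void_p]
        lib.SSL_CTX_free.restype = None
        lib.SSL_CTX_free.argtypes = [ctypes.c_void_p]
        lib.SSL_CTX_ctrl.restype = ctypes.c_long
        lib.SSL_CTX_ctrl.argtypes = [ctypes.c_void_p, ctypes.c_int,
                                     ctypes.c_long, ctypes.c_char_p]
        return lib
    raise OSError("libssl not found")


def groups_accepted(lib, groups):
    """True if a scratch server SSL_CTX accepts the colon-separated list."""
    ctx = lib.SSL_CTX_new(lib.TLS_server_method())
    if not ctx:
        raise RuntimeError("SSL_CTX_new failed")
    try:
        return lib.SSL_CTX_ctrl(ctx, SSL_CTRL_SET_GROUPS_LIST, 0,
                                groups.encode("ascii")) == 1
    finally:
        lib.SSL_CTX_free(ctx)


def rejected_groups(groups):
    """Members of `groups` refused by the local OpenSSL; [] if the list loads."""
    lib = _load_libssl()
    if groups_accepted(lib, groups):
        return []
    # The list failed as a whole: probe each name alone to find the offender.
    return [g for g in groups.split(":") if g and not groups_accepted(lib, g)]
```

Calling `rejected_groups("X25519:prime256v1")` (a constructed sample value) on the host that will run the server names the group to drop, which the FATAL message above does not.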


