Re: ecdh support causes unnecessary roundtrips

From: Jacob Champion
Subject: Re: ecdh support causes unnecessary roundtrips
Date:
Msg-id: CAOYmi+mkPAw-PG78whPa0PzTdwZ8PXAK8f-Eg7FrW=50U+hW2Q@mail.gmail.com
In reply to: Re: ecdh support causes unnecessary roundtrips (Andres Freund <andres@anarazel.de>)
List: pgsql-hackers
On Mon, Jun 17, 2024 at 10:01 AM Andres Freund <andres@anarazel.de> wrote:
> On 2024-06-17 12:00:30 +0200, Daniel Gustafsson wrote:
> > To set the specified curve in ssl_ecdh_curve we have to don't we?
>
> Sure, but it's not obvious to me why we actually want to override openssl's
> defaults here. There's not even a parameter to opt out of forcing a specific
> choice on the server side.

I had exactly the same question in the context of the other thread, and found

    https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/index.html

My initial takeaway was that our default is more restrictive than it
should be, but the OpenSSL default is more permissive than what they
recommend in practice, due to denial of service concerns:

> A general recommendation is to limit the groups to those that meet the
> required security level and that all the potential TLS clients support.

--Jacob
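An added example, not part of the thread or of PostgreSQL's code: a simplified Python model of TLS 1.3 group selection (RFC 8446 section 4.1.4) showing why pinning the server to a single group the client did not send a key share for costs a HelloRetryRequest round trip, while a server list that includes the client's shared group completes in one. The scenario values are constructed; the pinned group is assumed to be prime256v1, and real TLS stacks may apply different tie-breaking rules.

```python
# Added example: model of TLS 1.3 group negotiation (RFC 8446 section 4.1.4).
# Not the thread's or PostgreSQL's code; the "server preference order" rule
# below is an assumption about how a strictly configured server behaves.
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Negotiation:
    selected: Optional[str]  # group the server picks, None if there is no overlap
    retry: bool              # True when a HelloRetryRequest (extra round trip) is needed


def negotiate(client_groups: Sequence[str],
              client_key_shares: Sequence[str],
              server_groups: Sequence[str]) -> Negotiation:
    """client_groups: supported_groups advertised by the client, in its order.
    client_key_shares: groups the ClientHello already carries a key share for.
    server_groups: groups the server is configured to accept, in its order."""
    # A key_share entry must refer to an advertised group (RFC 8446 section 4.2.8).
    if any(g not in client_groups for g in client_key_shares):
        raise ValueError("key_share for a group missing from supported_groups")
    # Assumed rule: the server walks its own list and takes the first mutual group.
    mutual = [g for g in server_groups if g in client_groups]
    if not mutual:
        return Negotiation(None, False)  # handshake fails instead of retrying
    chosen = mutual[0]
    # If the client already supplied a share for the chosen group the handshake
    # finishes in one round trip; otherwise the server must send HelloRetryRequest
    # and the client repeats ClientHello with a share for that group.
    return Negotiation(chosen, chosen not in client_key_shares)


# Constructed scenario: a modern client lists X25519 first and only sends a
# key share for it, while the server is pinned to one curve (assumed prime256v1).
CLIENT_GROUPS = ("X25519", "prime256v1", "secp384r1")
CLIENT_KEY_SHARES = ("X25519",)


def pinned_server() -> Negotiation:
    return negotiate(CLIENT_GROUPS, CLIENT_KEY_SHARES, ("prime256v1",))


def permissive_server() -> Negotiation:
    # Server accepts the same set the client offers, in the client's order.
    return negotiate(CLIENT_GROUPS, CLIENT_KEY_SHARES, CLIENT_GROUPS)
```

Restricting the server's list to groups that meet the required security level is the OpenSSL recommendation quoted above; the model shows that the list should still include the group clients actually send a key share for, or every handshake pays the retry.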
