On Mon, Jul 29, 2024 at 3:26 PM Daniel Gustafsson <dan...@yesql.se> wrote: > > On 17 Jun 2024, at 19:56, Andres Freund <and...@anarazel.de> wrote: > > On 2024-06-17 19:51:45 +0200, Daniel Gustafsson wrote: > > >> Changing the default of the ecdh GUC would perhaps be doable? > > > > I was wondering whether we could change the default so that it accepts both > > x25519 and secp256r1. Unfortunately that seems to requires changing what we > > use to set the parameter... > > Right. The patch in https://commitfest.postgresql.org/48/5025/ does allow for > accepting both but that's a different discussion.
Just a reminder that, if we do want to change this for 18 onward, the window is closing. Adding x25519 to the default groups seems like a good idea to me, whether we can get something backpatched or not. Thanks, --Jacob
