> On 18 Mar 2025, at 16:07, Andres Freund wrote:
> On 2025-03-18 10:45:41 +0100, Daniel Gustafsson wrote:
>> Thanks for doing that, I'll try to get this in during a break in today's
>> conference.
>
> Thanks to both of you for fixing this!
No worries, this has now been committed. Whether or not
> On 18 Mar 2025, at 00:34, Jacob Champion wrote:
>
> On Thu, Mar 13, 2025 at 2:41 PM Daniel Gustafsson wrote:
>> OpenSSL 3.4 also doesn't like it and AFAICT neither does the upcoming 3.5, just
>> haven't had the cycles yet to ship out a new patch with all the time-consuming
>> testin
Hi,
On 2025-03-18 10:45:41 +0100, Daniel Gustafsson wrote:
> Thanks for doing that, I'll try to get this in during a break in today's
> conference.
Thanks to both of you for fixing this!
I wonder how we could make it easier to find stuff like this and 274bbced853,
it's pretty painful right now.
On Thu, Mar 13, 2025 at 2:41 PM Daniel Gustafsson wrote:
> OpenSSL 3.4 also doesn't like it and AFAICT neither does the upcoming 3.5, just
> haven't had the cycles yet to ship out a new patch with all the time-consuming
> testing it requires =)
Here is a squash fix to change the capitalization
On Tue, Mar 4, 2025 at 4:05 PM Daniel Gustafsson wrote:
> > On 4 Mar 2025, at 20:19, Daniel Gustafsson wrote:
> > Thanks for the reminder, this is sitting on my must-have TODO for 18 and I
> > agree that we should add x25519 to the default set.
>
> And to add some code for that proposal, the atta
On Thu, Mar 13, 2025 at 2:41 PM Daniel Gustafsson wrote:
> OpenSSL 3.4 also doesn't like it and AFAICT neither does the upcoming 3.5
Hm. FWIW, I have no issues locally with 3.4 or 3.5-alpha. Only with LibreSSL.
--Jacob
> On 13 Mar 2025, at 22:39, Jacob Champion wrote:
>
> On Tue, Mar 4, 2025 at 4:05 PM Daniel Gustafsson wrote:
>>> On 4 Mar 2025, at 20:19, Daniel Gustafsson wrote:
>>> Thanks for the reminder, this is sitting on my must-have TODO for 18 and I
>>> agree that we should add x25519 to the defaul
> On 4 Mar 2025, at 20:19, Daniel Gustafsson wrote:
>> On 4 Mar 2025, at 20:13, Jacob Champion wrote:
>> Just a reminder that, if we do want to change this for 18 onward, the
>> window is closing. Adding x25519 to the default groups seems like a
>> good idea to me, whether we can get somethi
On Mon, Jul 29, 2024 at 3:26 PM Daniel Gustafsson wrote:
> > On 17 Jun 2024, at 19:56, Andres Freund wrote:
> > On 2024-06-17 19:51:45 +0200, Daniel Gustafsson wrote:
>
> >> Changing the default of the ecdh GUC would perhaps be doable?
> >
> > I was wondering whether we could change the default s
> On 4 Mar 2025, at 20:13, Jacob Champion wrote:
>
> On Mon, Jul 29, 2024 at 3:26 PM Daniel Gustafsson wrote:
>>> On 17 Jun 2024, at 19:56, Andres Freund wrote:
>>> On 2024-06-17 19:51:45 +0200, Daniel Gustafsson wrote:
>>
>>>> Changing the default of the ecdh GUC would perhaps be doable?
>
> On 17 Jun 2024, at 19:56, Andres Freund wrote:
> On 2024-06-17 19:51:45 +0200, Daniel Gustafsson wrote:
>> Changing the default of the ecdh GUC would perhaps be doable?
>
> I was wondering whether we could change the default so that it accepts both
> x25519 and secp256r1. Unfortunately that se
Hi,
On 2024-06-17 19:51:45 +0200, Daniel Gustafsson wrote:
> > On 17 Jun 2024, at 19:44, Andres Freund wrote:
>
> >> Let's bring that to Erica's patch for allowing a list of curves.
> >
> > I'm kinda wondering if we ought to do something about this in the
> > backbranches. Forcing unnecessary r
> On 17 Jun 2024, at 19:44, Andres Freund wrote:
>> Let's bring that to Erica's patch for allowing a list of curves.
>
> I'm kinda wondering if we ought to do something about this in the
> backbranches. Forcing unnecessary roundtrips onto everyone for the next five
> years due to an oversight on
Hi,
On 2024-06-17 19:29:47 +0200, Daniel Gustafsson wrote:
> >> I wonder if that made OpenSSL override the min protocol version and switch
> >> to a TLS1.3 ClientHello since it otherwise couldn't announce the curve.
> >
> > The client seems to announce the curve in the initial ClientHello even wit
> On 17 Jun 2024, at 19:01, Andres Freund wrote:
> On 2024-06-17 12:00:30 +0200, Daniel Gustafsson wrote:
>>> On 17 Jun 2024, at 01:46, Andres Freund wrote:
>>> I don't know if it's good that we're calling SSL_CTX_set_tmp_ecdh at all,
>>
>> To set the specified curve in ssl_ecdh_curve we have t
On Mon, Jun 17, 2024 at 10:01 AM Andres Freund wrote:
> On 2024-06-17 12:00:30 +0200, Daniel Gustafsson wrote:
> > To set the specified curve in ssl_ecdh_curve we have to don't we?
>
> Sure, but it's not obvious to me why we actually want to override openssl's
> defaults here. There's not even a p
Hi,
On 2024-06-17 12:00:30 +0200, Daniel Gustafsson wrote:
> > On 17 Jun 2024, at 01:46, Andres Freund wrote:
>
> > When connecting with a libpq based client, the TLS establishment ends up like
> > this in many configurations;
> >
> > C->S: TLSv1 393 Client Hello
> > S->C: TLSv1.3 167 Hello
> On 17 Jun 2024, at 01:46, Andres Freund wrote:
> When connecting with a libpq based client, the TLS establishment ends up like
> this in many configurations;
>
> C->S: TLSv1 393 Client Hello
> S->C: TLSv1.3 167 Hello Retry Request, Change Cipher Spec
> C->S: TLSv1.3 432 Change Cipher Spec, Cli
Hi,
When connecting with a libpq based client, the TLS establishment ends up like
this in many configurations;
C->S: TLSv1 393 Client Hello
S->C: TLSv1.3 167 Hello Retry Request, Change Cipher Spec
C->S: TLSv1.3 432 Change Cipher Spec, Client Hello
S->C: TLSv1.3 1407 Server Hello, Application Dat