| From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | frank(dot)buettner(at)mdc-berlin(dot)de |
| Subject: | BUG #16815: Unable to use the X448 an X25519 elliptic curves. |
| Date: | 2021-01-08 10:29:01 |
| Message-ID: | 16815-0fde6075fb21923a@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 16815
Logged by: - -
Email address: frank(dot)buettner(at)mdc-berlin(dot)de
PostgreSQL version: 13.1
Operating system: CentOS8
Description:
The openssl version that comes with CentOS8 will support both curves.
And using the curves with the apache for example will work, so it is not an
OS related problem.
SSLOpenSSLConfCmd Groups "X448:X25519:secp521r1:secp384r1" will work.
But try the same curves on postgresql 13 will fail.
ssl_ecdh_curve = 'X448' or
ssl_ecdh_curve = 'X25519'
will fail with:
FATAL: ECDH: could not create key
using the lower X it fails with:
FATAL: ECDH: unrecognized curve name: x25519
Only the NIST ones like secp521r1 will work.
It looks like the curves with the upper X are known, but not correct
initialized.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2021-01-08 10:29:55 | BUG #16816: Unexpected escaping of html output |
| Previous Message | Michael Paquier | 2021-01-08 01:59:58 | Re: BUG #16813: error to solve the problem "Windows could not stat file - over 4GB" |