| From: | PG Doc comments form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-docs(at)lists(dot)postgresql(dot)org |
| Cc: | andy(at)freeborough(dot)com |
| Subject: | 19.9. Secure TCP/IP Connections with SSL |
| Date: | 2023-10-25 15:44:04 |
| Message-ID: | 169824864406.1769272.17694794243729037089@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/16/ssl-tcp.html
Description:
There is no mention of key lengths on the manual page about SSL/TLS
connections even though there are restrictions. It probably depends on the
build which is why it's been omitted, but I think to help new people it
would be great to have a Note box that covers key lengths restrictions. It
came up on reddit today and while the following is in the error log..
FATAL: could not load server certificate file
"/etc/postgresql/16/main/server.crt": ee key too small
It is amongst a chain of other messages and has a long line such that it
could be missed as it's truncated (though it should still have been spotted
of course). Regardless, I like the idea of all the things you need to do/be
mindful of being in the manual. It could be something like..
Note
Some builds of PostgreSQL specify a minimum key length for certificates to
enforce best-practices. If the key you use is does not meet or exceed this
minimum length PostgreSQL will fail to start. It's common practice to
require a key of at least length 2048.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-10-25 18:31:54 | Re: Discrepancy between the documentation and the implementation |
| Previous Message | PG Doc comments form | 2023-10-25 15:20:11 | Discrepancy between the documentation and the implementation |