Re: ecdh support causes unnecessary roundtrips

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Marko Kreen <markokr(at)gmail(dot)com>, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Subject: Re: ecdh support causes unnecessary roundtrips
Date: 2024-07-29 22:25:59
Message-ID: 50A4C9BE-A3B0-45CA-BE07-44682DAFC30B@yesql.se
Lists: pgsql-hackers

> On 17 Jun 2024, at 19:56, Andres Freund <andres(at)anarazel(dot)de> wrote:
> On 2024-06-17 19:51:45 +0200, Daniel Gustafsson wrote:

>> Changing the default of the ecdh GUC would perhaps be doable?
>
> I was wondering whether we could change the default so that it accepts both
> x25519 and secp256r1. Unfortunately that seems to require changing what we
> use to set the parameter...

Right. The patch in https://commitfest.postgresql.org/48/5025/ does allow for
accepting both but that's a different discussion.

Changing, and backpatching, the default to at least keep new installations from
extra roundtrips doesn't seem that far off in terms of scope from what
860fe27ee1e2 backpatched. Maybe it can be an option.

>> Amending the documentation is the one thing we certainly can do but 99.9% of
>> affected users won't know they are affected so won't look for that section.
>
> Yea. It's also possible that some other bindings changed their default to
> match ours...

There is that possibility, though I think we would've heard something about
that by now if that had happened.

--
Daniel Gustafsson
