pgsql: SSL: Support ECDH key exchange

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: SSL: Support ECDH key exchange
Date: 2013-12-07 20:13:21
Message-ID: E1VpOFd-00052k-4G@gemulon.postgresql.org
Lists: pgsql-committers

SSL: Support ECDH key exchange

This sets up ECDH key exchange, when compiling against OpenSSL that
supports EC. Then the ECDHE-RSA and ECDHE-ECDSA cipher suites can be
used for SSL connections. The latter one means that EC keys are now
usable.

The reason for EC key exchange is that it's faster than DHE and it
allows going to higher security levels where RSA will be horribly slow.

There is also a new GUC option ssl_ecdh_curve that specifies the curve
name used for ECDH. It defaults to "prime256v1", which is the most
common curve in use in HTTPS.

From: Marko Kreen <markokr(at)gmail(dot)com>
Reviewed-by: Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/3164721462d547fa2d15e2a2f07eb086a3590fd5

Modified Files
--------------
doc/src/sgml/config.sgml                      | 18 +++++++++++++
src/backend/libpq/be-secure.c                 | 34 +++++++++++++++++++++++++
src/backend/utils/misc/guc.c                  | 16 ++++++++++++
src/backend/utils/misc/postgresql.conf.sample |  1 +
4 files changed, 69 insertions(+)
