From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Erica Zhang <ericazhangy2021(at)qq(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Add support to TLS 1.3 cipher suites and curves lists |
Date: | 2024-07-11 21:16:37 |
Message-ID: | f339166b-8ab5-4bd6-96ae-d4acf4c3751c@eisentraut.org |
Lists: | pgsql-hackers |

On 03.07.24 17:20, Daniel Gustafsson wrote:
> After fiddling a bit with the code and documentation I came up with the
> attached version which also makes the testsuite use the list syntax in order to
> test it. It's essentially just polish and adding comments with the functional
> changes that a) it parses the entire list of curves so all errors can be
> reported instead of giving up at the first error; b) leaving the cipher suite
> GUC blank will set the suites to the OpenSSL default value.

It would be worth checking the discussion at
<https://www.postgresql.org/message-id/flat/79692bf9-17d3-41e6-b9c9-fc8c3944222a(at)eisentraut(dot)org>
about strtok()/strtok_r() issues. First, for list parsing, it sometimes
gives the wrong semantics, which I think might apply here. Maybe it's
worth comparing this with the semantics that OpenSSL provides natively.
And second, strtok_r() is not available on Windows without the
workaround provided in that thread.

I'm doubtful that it's worth replicating all this list parsing logic
instead of just letting OpenSSL do it. This is a very marginal feature
after all.
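
An added example, not part of the message above or of the patch it discusses: strtok() and strtok_r() collapse runs of delimiters, so empty list elements are skipped silently, which is one way their semantics can differ from a strict list parser. The colon separator, the sample lists and both helper names are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count elements the way strtok() sees them (strtok_r() behaves the same):
 * leading, trailing and doubled delimiters are skipped, so an empty
 * element never shows up and no error can be reported for it. */
static int count_strtok(const char *list, const char *delim)
{
    char buf[256];
    int n = 0;

    snprintf(buf, sizeof(buf), "%s", list);   /* strtok() modifies its input */
    for (char *tok = strtok(buf, delim); tok != NULL; tok = strtok(NULL, delim))
        n++;
    return n;
}

/* Strict split (hypothetical helper): every delimiter ends an element.
 * Returns the element count, or -1 if any element is empty. */
static int count_strict(const char *list, char delim)
{
    const char *start = list;
    int n = 0;

    for (;;) {
        const char *end = strchr(start, delim);
        size_t len = end ? (size_t)(end - start) : strlen(start);

        if (len == 0)
            return -1;          /* empty element: report instead of skipping */
        n++;
        if (end == NULL)
            return n;
        start = end + 1;
    }
}

int main(void)
{
    /* Constructed sample inputs; the group names are only illustrative. */
    const char *samples[] = { "prime256v1:x25519", "prime256v1::x25519",
                              ":x25519", "x25519:", "" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s strtok=%d strict=%d\n", samples[i],
               count_strtok(samples[i], ":"), count_strict(samples[i], ':'));
    return 0;
}
```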