Re:Re: Add support to TLS 1.3 cipher suites and curves lists

Hi Peter,
Thanks a lot for the quick response. We are using Postgres instance in our product. For some security consideration, we prefer to use TLS1.3 cipher suites in our product with some customization values instead of default value "HIGH:MEDIUM:+3DES:!aNULL". Moreover we prefer to set a group of ecdh keys instead of a single value.

I see the https://commitfest.postgresql.org/48/ is still open, could it be possible to target for PG17? As I know PG17 is going to be release this year so that we can upgrade our instances to this new version accodingly.

Original Email

Sender:"Peter Eisentraut"< peter(at)eisentraut(dot)org &gt;;

Sent Time:2024/6/7 16:55

To:"Erica Zhang"< ericazhangy2021(at)qq(dot)com &gt;;"pgsql-hackers"< pgsql-hackers(at)lists(dot)postgresql(dot)org &gt;;

Subject:Re: Add support to TLS 1.3 cipher suites and curves lists

On 07.06.24 08:10, Erica Zhang wrote:
&gt; I’m a Postgres user and I’m looking into restricting the set of allowed
&gt; ciphers on Postgres and configure a concrete set of curves on our
&gt; postgres instances.

Out of curiosity, why is this needed in practice?

&gt; Could you please help to review to see if you are interested in having
&gt; this change in upcoming Postgres major release(It's should be PG17)?

It would be targetting PG18 now.