The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/16/ssl-tcp.html Description:
There is no mention of key lengths on the manual page about SSL/TLS connections even though there are restrictions. It probably depends on the build which is why it's been omitted, but I think to help new people it would be great to have a Note box that covers key lengths restrictions. It came up on reddit today and while the following is in the error log.. FATAL: could not load server certificate file "/etc/postgresql/16/main/server.crt": ee key too small It is amongst a chain of other messages and has a long line such that it could be missed as it's truncated (though it should still have been spotted of course). Regardless, I like the idea of all the things you need to do/be mindful of being in the manual. It could be something like.. Note Some builds of PostgreSQL specify a minimum key length for certificates to enforce best-practices. If the key you use is does not meet or exceed this minimum length PostgreSQL will fail to start. It's common practice to require a key of at least length 2048.
