> On Thu, Oct 24, 2024 at 03:52:43PM +0200, Daniel Gustafsson wrote:
> > On 16 Oct 2024, at 17:30, Jacob Champion <[email protected]> 
> > wrote:
> 
> > Other than that, LGTM!
> 
> Thanks for all the review work, I went ahead and pushed this patchseries today
> after a little bit more polishing of comments and docs.  So far plover has
> failed which was expected due to the raised OpenSSL/LibreSSL requirement, I
> will reach out to BF animal owners for upgrades.

Hi,

Apologies for posting in an old thread, but I've stumbled upon an
interesting situation. SSL_CTX_set1_groups_list allows specifying the TLS
supported groups, which alongside curves can also set key shares.
At the same time OpenSSL 3.5 has introduced a new type of key shares
(X25519MLKEM768 and X25519) for hybrid post-quantum/classical key
agreement schemes (ML-KEM from FIPS 203), which are the default values.

The fact that since this commit PostgreSQL uses SSL_CTX_set1_groups_list
means that pre-18 versions cannot use such hybrid schemes. I.e. in 18

    # postgresql.conf
    ssl_groups="X25519MLKEM768:X25519:prime256v1"

    $ openssl s_client -starttls postgres -connect localhost:5432 -groups X25519MLKEM768 -brief
    Connecting to 127.0.0.1
    Can't use SSL_get_servername
    depth=0 CN=test
    verify error:num=18:self-signed certificate
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.3
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Peer certificate: CN=test
    Hash used: SHA256
    Signature type: rsa_pss_rsae_sha256
    Verification error: self-signed certificate
    Negotiated TLS1.3 group: X25519MLKEM768

Doing the same before seems not to be possible: ssl_ecdh_curve would not
accept the MLKEM name, since it fails to find it in OBJ_sn2nid; not setting
anything doesn't pick up the OpenSSL defaults either, the test above shows
no common groups.

Unless I'm missing something, that means pre-18 versions cannot use
post-quantum schemes, which have recently become part of a standard. The
last such version goes out of support in 2029. I know it's a long shot,
but with that in mind, are there any chances of backporting this change set?
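An added example, not part of this thread and not PostgreSQL's own code: a small Python probe that automates the s_client check above, running `openssl s_client -starttls postgres -groups <group> -brief` once per candidate group and reading the `Negotiated TLS1.3 group:` line, so you can confirm which groups a given server actually negotiates (e.g. a 17 server with ssl_ecdh_curve versus an 18 server with ssl_groups). The host, port, group list, and the abbreviated handshake-failure sample are assumptions for illustration; the success sample is the transcript from the message above.

```python
"""Probe which TLS key-exchange groups a PostgreSQL server negotiates.

Added example (not from the thread, not PostgreSQL's code). Each probe
restricts the client to a single group with ``-groups`` and checks the
``Negotiated TLS1.3 group:`` line printed by ``openssl s_client -brief``.
Host, port and the candidate list below are assumptions.
"""
import re
import subprocess
import sys
from typing import Callable, Dict, List, Optional

# Groups to try: the OpenSSL 3.5 hybrid default from the thread, then two
# classical fallbacks. Order and contents are an assumption.
CANDIDATE_GROUPS: List[str] = ["X25519MLKEM768", "X25519", "prime256v1"]

# Success sample: the s_client transcript quoted in the message above.
SAMPLE_OK = """Connecting to 127.0.0.1
Can't use SSL_get_servername
depth=0 CN=test
verify error:num=18:self-signed certificate
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN=test
Hash used: SHA256
Signature type: rsa_pss_rsae_sha256
Verification error: self-signed certificate
Negotiated TLS1.3 group: X25519MLKEM768
"""

# Constructed, abbreviated failure sample: a handshake that never reaches
# CONNECTION ESTABLISHED prints no "Negotiated" line at all.
SAMPLE_FAIL = """Connecting to 127.0.0.1
Can't use SSL_get_servername
"""

_NEGOTIATED_RE = re.compile(r"^Negotiated TLS1\.3 group:\s*(\S+)\s*$", re.MULTILINE)


def negotiated_group(s_client_output: str) -> Optional[str]:
    """Return the group named on the ``Negotiated TLS1.3 group:`` line, or None.

    None means the handshake did not complete with the offered group
    (e.g. the server has no group in common with the client).
    """
    m = _NEGOTIATED_RE.search(s_client_output)
    return m.group(1) if m else None


def s_client_command(host: str, port: int, group: str) -> List[str]:
    """Build the probe command; ``-groups`` limits the client offer to one group."""
    return ["openssl", "s_client", "-starttls", "postgres",
            "-connect", f"{host}:{port}", "-groups", group, "-brief"]


def run_openssl(cmd: List[str]) -> str:
    """Default runner: execute openssl and return stdout and stderr together.

    Both streams are captured because s_client splits its output between
    them; stdin is closed immediately so s_client exits after the handshake.
    """
    proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=15)
    return proc.stdout.decode(errors="replace") + proc.stderr.decode(errors="replace")


def probe_groups(host: str, port: int,
                 groups: List[str] = CANDIDATE_GROUPS,
                 runner: Callable[[List[str]], str] = run_openssl) -> Dict[str, bool]:
    """Map each candidate group to whether the server negotiated exactly it.

    ``runner`` is injectable so the logic can be exercised offline against
    captured output; the default runs the real openssl binary.
    """
    results: Dict[str, bool] = {}
    for group in groups:
        out = runner(s_client_command(host, port, group))
        results[group] = negotiated_group(out) == group
    return results


def offline_demo_runner(cmd: List[str]) -> str:
    """Fake runner: the server only accepts X25519MLKEM768 (constructed)."""
    group = cmd[cmd.index("-groups") + 1]
    return SAMPLE_OK if group == "X25519MLKEM768" else SAMPLE_FAIL


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Live probe: python probe_groups.py <host> <port>
        report = probe_groups(sys.argv[1], int(sys.argv[2]))
    else:
        # No arguments: run against the embedded samples only.
        report = probe_groups("localhost", 5432, runner=offline_demo_runner)
    for name, ok in report.items():
        print(f"{name:16s} {'negotiated' if ok else 'not negotiated'}")
```

With no arguments the script runs against the embedded samples; with `<host> <port>` it runs the real openssl binary (3.5 or newer is needed for the client side to offer X25519MLKEM768 at all). A group that is reported as not negotiated by every server version except 18 is the backport gap the message describes.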

