Support configuring TLSv1.3 cipher suites The ssl_ciphers GUC can only set cipher suites for TLSv1.2, and lower, connections. For TLSv1.3 connections a different OpenSSL API must be used. This adds a new GUC, ssl_tls13_ciphers, which can be used to configure a colon separated list of cipher suites to support when performing a TLSv1.3 handshake.
Original patch by Erica Zhang with additional hacking by me. Author: Erica Zhang <[email protected]> Author: Daniel Gustafsson <[email protected]> Reviewed-by: Jacob Champion <[email protected]> Reviewed-by: Andres Freund <[email protected]> Reviewed-by: Peter Eisentraut <[email protected]> Reviewed-by: Jelte Fennema-Nio <[email protected]> Discussion: https://postgr.es/m/[email protected] Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/45188c2ea2391b7b24039e1632c726e2fc6b8008 Modified Files -------------- doc/src/sgml/config.sgml | 36 +++++++++++++++++++++------ src/backend/libpq/be-secure-openssl.c | 22 +++++++++++++--- src/backend/libpq/be-secure.c | 1 + src/backend/utils/misc/guc_tables.c | 15 +++++++++-- src/backend/utils/misc/postgresql.conf.sample | 3 ++- src/include/libpq/libpq.h | 1 + src/test/ssl/t/SSL/Server.pm | 3 ++- 7 files changed, 66 insertions(+), 15 deletions(-)
