pgsql: Support configuring TLSv1.3 cipher suites - Mailing list pgsql-committers

From Daniel Gustafsson
Subject pgsql: Support configuring TLSv1.3 cipher suites
Date
Msg-id E1t3y2P-002EUZ-Ca@gemulon.postgresql.org
List pgsql-committers
Support configuring TLSv1.3 cipher suites

The ssl_ciphers GUC can only set cipher suites for TLSv1.2, and lower,
connections. For TLSv1.3 connections a different OpenSSL API must be
used.  This adds a new GUC, ssl_tls13_ciphers, which can be used to
configure a colon separated list of cipher suites to support when
performing a TLSv1.3 handshake.

Original patch by Erica Zhang with additional hacking by me.

Author: Erica Zhang <ericazhangy2021@qq.com>
Author: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Andres Freund <andres@anarazel.de>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Discussion: https://postgr.es/m/tencent_063F89FA72CCF2E48A0DF5338841988E9809@qq.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/45188c2ea2391b7b24039e1632c726e2fc6b8008

Modified Files
--------------
doc/src/sgml/config.sgml                      | 36 +++++++++++++++++++++------
src/backend/libpq/be-secure-openssl.c         | 22 +++++++++++++---
src/backend/libpq/be-secure.c                 |  1 +
src/backend/utils/misc/guc_tables.c           | 15 +++++++++--
src/backend/utils/misc/postgresql.conf.sample |  3 ++-
src/include/libpq/libpq.h                     |  1 +
src/test/ssl/t/SSL/Server.pm                  |  3 ++-
7 files changed, 66 insertions(+), 15 deletions(-)
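
An added example, not part of the commit or of PostgreSQL: a small audit of postgresql.conf text for the split the commit message describes, where ssl_ciphers covers TLSv1.2 and lower and ssl_tls13_ciphers covers TLSv1.3. The function names and the sample configuration are constructed for illustration. It assumes a single file with no include directives and treats the five RFC 8446 suite names as the known TLSv1.3 set.

```python
import re

# The five TLSv1.3 cipher suites defined in RFC 8446, in OpenSSL spelling.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}

# name [=] 'quoted value' or bare value; a trailing "# comment" is ignored.
SETTING = re.compile(r"^\s*(\w+)\s*=?\s*(?:'([^']*)'|([^\s#']+))\s*(?:#.*)?$")

def parse_conf(text):
    """Return {name: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)  # commented-out lines do not match
        if m:
            quoted, bare = m.group(2), m.group(3)
            settings[m.group(1).lower()] = quoted if quoted is not None else bare
    return settings

def audit_tls_ciphers(text):
    """Return findings about how the two cipher settings are used."""
    conf = parse_conf(text)
    legacy = [c for c in conf.get("ssl_ciphers", "").split(":") if c]
    tls13 = [c for c in conf.get("ssl_tls13_ciphers", "").split(":") if c]
    findings = []
    for name in legacy:
        if name in TLS13_SUITES:
            findings.append(f"{name}: TLSv1.3 suite listed in ssl_ciphers; "
                            "move it to ssl_tls13_ciphers")
    for name in tls13:
        if name not in TLS13_SUITES:
            findings.append(f"{name}: not an RFC 8446 suite name; "
                            "verify it against the OpenSSL build in use")
    if legacy and not tls13:
        findings.append("ssl_ciphers is set but ssl_tls13_ciphers is not; "
                        "TLSv1.3 handshakes are not restricted by this file")
    return findings

# Constructed sample input: a TLSv1.3 name placed in the TLSv1.2 setting.
SAMPLE_CONF = """ssl = on
ssl_ciphers = 'HIGH:!aNULL:TLS_AES_256_GCM_SHA384'   # intended to cover 1.3
#ssl_tls13_ciphers = 'TLS_AES_256_GCM_SHA384'
"""
FIXED_CONF = """ssl_ciphers = 'HIGH:!aNULL'
ssl_tls13_ciphers = 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
"""
```

Running audit_tls_ciphers over SAMPLE_CONF reports both the misplaced suite and the unset TLSv1.3 list; FIXED_CONF produces no findings.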

