mirror of
https://github.com/postgres/postgres.git
synced 2026-02-20 00:10:16 -05:00
doc: Add note to ssl_group config on X25519 and FIPS
The X25519 curve is not allowed when OpenSSL is configured for FIPS mode, so add a note to the documentation that the default setting must be altered for such setups. Author: Daniel Gustafsson <daniel@yesql.se> Reported-by: Tom Lane <tgl@sss.pgh.pa.us> Discussion: https://postgr.es/m/3521653.1770666093@sss.pgh.pa.us
This commit is contained in:
Daniel Gustafsson
parent
07e90c6913
commit
db93988ab0
1 changed files with 9 additions and 0 deletions
|
|
@ -1563,6 +1563,15 @@ include_dir 'conf.d'
|
|||
The default is <literal>X25519:prime256v1</literal>.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
<literal>X25519</literal> is not allowed when
|
||||
<productname>OpenSSL</productname> is configured for FIPS mode and
|
||||
must be removed from the server configuration when FIPS mode is
|
||||
enabled.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
<productname>OpenSSL</productname> names for the most common curves
|
||||
are:
|
||||
|
|
|
|||
Loading…
Reference in a new issue