doc: improve ssl_ecdh_curve descriptions

Patch by Marko Kreen
pull/6/head
Bruce Momjian 12 years ago
parent b8cc8f9473
commit 49cf2cd815
  1. 18 doc/src/sgml/config.sgml
  2. 11 doc/src/sgml/release-9.4.sgml

@ -1020,13 +1020,23 @@ include 'filename'
</term>
<listitem>
<para>
Specifies the name of the curve to use in ECDH key exchanges. The
default is <literal>prime256p1</>.
Specifies the name of the curve to use in ECDH key exchange.
It needs to be supported by all clients that connect.
It does not need to be same curve as used by server's
Elliptic Curve key. The default is <literal>prime256v1</>.
</para>
<para>
The list of available curves can be shown with the command
<literal>openssl ecparam -list_curves</literal>.
OpenSSL names for most common curves:
<literal>prime256v1</> (NIST P-256),
<literal>secp384r1</> (NIST P-384),
<literal>secp521r1</> (NIST P-521).
</para>
<para>
The full list of available curves can be shown with the command
<literal>openssl ecparam -list_curves</literal>. Not all of them
are usable in TLS though.
</para>
</listitem>
</varlistentry>
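
Review bot: the closing paragraph says of the <literal>openssl ecparam -list_curves</literal> output "Not all of them are usable in TLS though", but gives the reader no way to tell which ones are. Since the preceding paragraph already names prime256v1, secp384r1 and secp521r1, say explicitly that those three are safe choices for TLS, or state what makes a listed curve unusable. The sentence "It needs to be supported by all clients that connect" also does not say what a client sees when it lacks the configured curve; one clause on the outcome would help administrators diagnose connection problems. Wording nit in the same paragraph: "It does not need to be same curve as used by server's Elliptic Curve key" is missing articles; suggest "It does not need to be the same curve as the one used by the server's Elliptic Curve key."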

@ -616,17 +616,18 @@
</para>
<para>
Such keys are faster and have improved security over previous
options. The new configuration
parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
controls which curve is used.
This allows use of Elliptic Curve keys for server authentication.
Such keys are faster and have improved security over <acronym>RSA</> keys.
The new configuration parameter
<link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
controls which curve is used for <acronym>ECDH</>.
</para>
</listitem>
<listitem>
<para>
Improve the default <link
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> ciphers
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> value
(Marko Kreen)
</para>
</listitem>
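
Review bot: in the rewritten release note, the sentence about <varname>ssl_ecdh_curve</> follows directly after two sentences about Elliptic Curve keys for server authentication, so "controls which curve is used for ECDH" can still be read as selecting the curve of the server key. The config.sgml text in this same patch states that the ECDH curve "does not need to be same curve as used by server's Elliptic Curve key"; repeating that independence here, or moving the <varname>ssl_ecdh_curve</> sentence into its own paragraph, would keep the two documents consistent. Also, "faster and have improved security over RSA keys" is unqualified; consider stating the basis of the comparison (for example, at comparable key sizes).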
