From e279a9762831e8495fc5b1fc23198fb99e741af0 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <dgustafsson@postgresql.org>
Date: Wed, 5 Mar 2025 00:54:28 +0100
Subject: [PATCH] Add x25519 to the default set of curves

Since many clients default to the x25519 curve in the TLS handshake,
the fact that the server by defualt doesn't support it cause an extra
roundtrip for each TLS connection.  By adding multiple curves, which
is supported since 3d1ef3a15c3eb68da, we can reduce the risk of extra
roundtrips.

Reported-by: Andres Freund <andres@anarazel.de>
Discussion: https://postgr.es/m/20240616234612.6cslu7nqexquvwj7@awork3.anarazel.de
---
 doc/src/sgml/config.sgml                      | 2 +-
 src/backend/utils/misc/guc_tables.c           | 2 +-
 src/backend/utils/misc/postgresql.conf.sample | 2 +-
 src/test/ssl/t/SSL/Server.pm                  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index d2fa5f7d1a9..d548a159a31 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1520,7 +1520,7 @@ include_dir 'conf.d'
         It does not need to be the same curve used by the server's Elliptic
         Curve key.  This parameter can only be set in the
         <filename>postgresql.conf</filename> file or on the server command line.
-        The default is <literal>prime256v1</literal>.
+        The default is <literal>x25519:prime256v1</literal>.
        </para>
 
        <para>
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index ad25cbb39c5..c755f122ab2 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -4755,7 +4755,7 @@ struct config_string ConfigureNamesString[] =
 		},
 		&SSLECDHCurve,
 #ifdef USE_SSL
-		"prime256v1",
+		"x25519:prime256v1",
 #else
 		"none",
 #endif
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 2d1de9c37bd..923c924f137 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -114,7 +114,7 @@
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'	# allowed TLSv1.2 ciphers
 #ssl_tls13_ciphers = ''	# allowed TLSv1.3 cipher suites, blank for default
 #ssl_prefer_server_ciphers = on
-#ssl_groups = 'prime256v1'
+#ssl_groups = 'x25519:prime256v1'
 #ssl_min_protocol_version = 'TLSv1.2'
 #ssl_max_protocol_version = ''
 #ssl_dh_params_file = ''
diff --git a/src/test/ssl/t/SSL/Server.pm b/src/test/ssl/t/SSL/Server.pm
index 447469d8937..23ea0ae1417 100644
--- a/src/test/ssl/t/SSL/Server.pm
+++ b/src/test/ssl/t/SSL/Server.pm
@@ -301,7 +301,7 @@ sub switch_server_cert
 	$node->append_conf('sslconfig.conf', "ssl=on");
 	$node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
 	# use lists of ECDH curves and cipher suites for syntax testing
-	$node->append_conf('sslconfig.conf', 'ssl_groups=prime256v1:secp521r1');
+	$node->append_conf('sslconfig.conf', 'ssl_groups=x25519:prime256v1:secp521r1');
 	$node->append_conf('sslconfig.conf',
 		'ssl_tls13_ciphers=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256');
 
-- 
2.39.3 (Apple Git-146)