doc: improve ssl_ecdh_curve descriptions

Patch by Marko Kreen
Bruce Momjian 2014-05-27 21:30:20 -04:00
parent b8cc8f9473
commit 49cf2cd815
2 changed files with 20 additions and 9 deletions

@ -1020,13 +1020,23 @@ include 'filename'
</term>
<listitem>
<para>
Specifies the name of the curve to use in ECDH key exchanges. The
default is <literal>prime256p1</>.
Specifies the name of the curve to use in ECDH key exchange.
It needs to be supported by all clients that connect.
It does not need to be same curve as used by server's
Elliptic Curve key. The default is <literal>prime256v1</>.
</para>
<para>
The list of available curves can be shown with the command
<literal>openssl ecparam -list_curves</literal>.
OpenSSL names for most common curves:
<literal>prime256v1</> (NIST P-256),
<literal>secp384r1</> (NIST P-384),
<literal>secp521r1</> (NIST P-521).
</para>
<para>
The full list of available curves can be shown with the command
<literal>openssl ecparam -list_curves</literal>. Not all of them
are usable in TLS though.
</para>
</listitem>
</varlistentry>

@ -616,17 +616,18 @@
</para>
<para>
Such keys are faster and have improved security over previous
options. The new configuration
parameter <link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
controls which curve is used.
This allows use of Elliptic Curve keys for server authentication.
Such keys are faster and have improved security over <acronym>RSA</> keys.
The new configuration parameter
<link linkend="guc-ssl-ecdh-curve"><varname>ssl_ecdh_curve</></link>
controls which curve is used for <acronym>ECDH</>.
</para>
</listitem>
<listitem>
<para>
Improve the default <link
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> ciphers
linkend="guc-ssl-ciphers"><varname>ssl_ciphers</></link> value
(Marko Kreen)
</para>
</listitem>
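Review bot: In the release-note paragraph, the sentence on `ssl_ecdh_curve` directly follows the two sentences about Elliptic Curve keys for server authentication, so "controls which curve is used for ECDH" can still be read as selecting the curve of the server key. The parameter description in this same patch says the two are independent, so suggest making that explicit here, for example "controls which curve is used for ECDH key exchange; it is independent of the curve of the server's key." The claim "faster and have improved security over RSA keys" is unqualified; consider stating the basis of comparison, such as key size.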