git.ipfire.org Git - thirdparty/postgresql.git/commitdiff
Avoid using the X25519 curve in ssl tests
author Daniel Gustafsson <dgustafsson@postgresql.org>
Mon, 16 Feb 2026 14:10:16 +0000 (15:10 +0100)
committer Daniel Gustafsson <dgustafsson@postgresql.org>
Mon, 16 Feb 2026 14:10:16 +0000 (15:10 +0100)
The X25519 curve is disallowed when OpenSSL is configured for
FIPS mode, which makes the testsuite fail.  Since X25519 isn't
required for the tests we can remove it to allow FIPS-enabled
configurations to run the tests.

Author: Daniel Gustafsson <daniel@yesql.se>
Reported-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/3521653.1770666093@sss.pgh.pa.us

src/test/ssl/t/SSL/Server.pm

index a023fa6bdeeb6b31a1958587a6a5857d4da7cfaa..4c101a265038bd770d3fa0103f7e5e173a8c8282 100644 (file)
@@ -324,7 +324,7 @@ sub switch_server_cert
        $node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
        # use lists of ECDH curves and cipher suites for syntax testing
        $node->append_conf('sslconfig.conf',
-               'ssl_groups=X25519:prime256v1:secp521r1');
+               'ssl_groups=prime256v1:secp521r1');
        $node->append_conf('sslconfig.conf',
                'ssl_tls13_ciphers=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256');
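Review bot: the comment above the ssl_groups line in switch_server_cert still says only "use lists of ECDH curves and cipher suites for syntax testing", so nothing in Server.pm records why X25519 is absent from the list. A later edit could reintroduce it and break the tests again on FIPS-configured OpenSSL builds. Consider extending that comment to say that only groups permitted in FIPS mode should be listed here. The remaining value, prime256v1:secp521r1, is still a colon-separated list of more than one entry, so the list syntax the comment refers to continues to be exercised.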