From 07e90c6913586a5c46e55e162771aaa5a33811ba Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <dgustafsson@postgresql.org>
Date: Mon, 16 Feb 2026 15:10:16 +0100
Subject: [PATCH] Avoid using the X25519 curve in ssl tests

The X25519 curve is disallowed when OpenSSL is configured for
FIPS mode which makes the testsuite fail.  Since X25519 isn't
required for the tests we can remove it to allow FIPS enabled
configurations to run the tests.

Author: Daniel Gustafsson <daniel@yesql.se>
Reported-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/3521653.1770666093@sss.pgh.pa.us
---
 src/test/ssl/t/SSL/Server.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/ssl/t/SSL/Server.pm b/src/test/ssl/t/SSL/Server.pm
index a023fa6bdee..4c101a26503 100644
--- a/src/test/ssl/t/SSL/Server.pm
+++ b/src/test/ssl/t/SSL/Server.pm
@@ -324,7 +324,7 @@ sub switch_server_cert
 	$node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
 	# use lists of ECDH curves and cipher suites for syntax testing
 	$node->append_conf('sslconfig.conf',
-		'ssl_groups=X25519:prime256v1:secp521r1');
+		'ssl_groups=prime256v1:secp521r1');
 	$node->append_conf('sslconfig.conf',
 		'ssl_tls13_ciphers=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256');
 
-- 
2.47.3