From: Daniel Gustafsson Date: Fri, 5 Jun 2026 20:16:42 +0000 (+0200) Subject: doc: Use groups instead of curves in TLS documentation X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=55136e378c6bfc2240043d0edee6f92924e2c9fd;p=thirdparty%2Fpostgresql.git doc: Use groups instead of curves in TLS documentation With TLS 1.3 the concept of curves was renamed to groups. Update our wording to use groups instead of curves to make it clear what the underlying GUC can support. This was extracted from a slightly larger patch which also renamed variables to match the new terminology. Given that we are in beta this portion was however left as a future excercise. Author: Evan Si Reviewed-by: Ewan Young Discussion: https://postgr.es/m/23C40DD6-1C47-46FC-A746-8A1D8530AD3E@amazon.com Backpatch-through: 18 --- diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 9275cfa1b10..fa566c9e553 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1573,11 +1573,11 @@ include_dir 'conf.d' - Specifies the name of the curve to use in ECDH key - exchange. It needs to be supported by all clients that connect. - Multiple curves can be specified by using a colon-separated list. - It does not need to be the same curve used by the server's Elliptic - Curve key. This parameter can only be set in the + Specifies the named group to use for TLS key + exchange. It needs to be supported by all clients that + connect. Multiple groups can be specified by using a colon-separated + list. It does not need to match the key type used by the server + certificate. This parameter can only be set in the postgresql.conf file or on the server command line. The default is X25519:prime256v1. @@ -1592,7 +1592,7 @@ include_dir 'conf.d' - OpenSSL names for the most common curves + OpenSSL names for the most common groups are: prime256v1 (NIST P-256), secp384r1 (NIST P-384),