Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vw8Yo-004xoy-2C
	for pgsql-hackers@arkaria.postgresql.org;
	Sat, 28 Feb 2026 00:51:58 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vw8Yl-008SzY-1d
	for pgsql-hackers@arkaria.postgresql.org;
	Sat, 28 Feb 2026 00:51:55 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vw8Yl-008Sz3-0g
	for pgsql-hackers@lists.postgresql.org;
	Sat, 28 Feb 2026 00:51:55 +0000
Received: from mail-qv1-xf2f.google.com ([2607:f8b0:4864:20::f2f])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vw8Yh-00000001arz-2SGc
	for pgsql-hackers@postgresql.org;
	Sat, 28 Feb 2026 00:51:53 +0000
Received: by mail-qv1-xf2f.google.com with SMTP id 6a1803df08f44-899ba9a699cso15604926d6.2
        for <pgsql-hackers@postgresql.org>; Fri, 27 Feb 2026 16:51:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1772239912; cv=none;
        d=google.com; s=arc-20240605;
        b=GsTOEEvsxS8Fwqvaafel5scSyYdvy8T96iTXeOTIdchOF0TFv8LjFq1ZYAsynXzEXt
         i7zc9rNGfQBnzepJoFWm3Ut1zTQjHJDVGj9kFNq/408z8mmmXViFyww9ZUNhV/E7TGkX
         x5+NGhHu0owAz1xDlQtDP1q7q8SJ/HAx8i+WEtgQ810JyUPsEBQY79JWLEtglulm4+Bw
         uZqzwM0G2Fdvtw174FVTcV9OakHEuh0HkivRsD6RMsiVCGfVXcLqRfcQWYQeem6xRZPD
         Y2mFj27+csGTSJ0ipIs3XD3KCDPlSRaOKCWc6IOEUArgA/XZv7teWsBm2mgSuSMbJ2XB
         mLYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=48eiiDHVrvci3YRNrZxA7brE2IcW0g1D2f3hX5CIodg=;
        fh=3dTxU4E23VTYgcpA1xapHX2ovrkXb4CxmDwlVSUGqC8=;
        b=DH9cIlD3eFi2RN4TjV25zg6lqlB8E7R9DqftcmdXqopszt6NummM1MrfkXsIx7YvZp
         GXwhyb60CY4D9VHU+OoTggW94BbhtLL0p57tatWgYYSMtsBU00/+iM6IoZefbVThA+Zq
         VwIt50UrtknzQBiJkMGSi39wabeJr41wsWy1Re2WagtauV8DWqaAWRYqMO+8lfXqCT7P
         t6k4tWum+xQXrqUfAHGjTLISg2WPfb78hKZOABICmh73nbzpYwOXh5ygILdPBYQZD+b9
         kmbxVxW3H62dCei0Yv+xCJkFTPfdQjqINrg+zm1BSKk/nfSSZ/JuZLTs7zmCSABLXCMu
         xHWw==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1772239912; x=1772844712; darn=postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=48eiiDHVrvci3YRNrZxA7brE2IcW0g1D2f3hX5CIodg=;
        b=c+gjGcnjvt9ukK4v5mV2gQBs7mAi3t3P+/q53xVl+U0yaTRJyJ9tzB0bVel6J3VuP4
         NQuN6bVbtlSTxujvC4mApuGbE6uxp9nGdGwFXxJarYZrX3T/sDY4n7OvSWAypaDQwH+9
         ma/Rsuo7Jkori0MRTxgt6B1RNvnebuTOQjIOY4Rppv4KMa9qGKyF7qtSTYqIESFr9AJ/
         mTsbHlGC8PGtC4gxug+JmaZkW12bVDJMI6HsytvrDDPz/8PhMAbALuhkFtNCMd0DDfIb
         xBbmvpbPQdDR78sdU+ERR4WfymoMOhgrjiS6z4FA1K/gi+Pt6zc0MBB+LafEfJqZEMhg
         +5Kg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1772239912; x=1772844712;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=48eiiDHVrvci3YRNrZxA7brE2IcW0g1D2f3hX5CIodg=;
        b=WUSmRXoXTBLfMPjYkPgXE3zrYjAVTEjUBqfsqtVbeKlM1BQHUOUZCU3a8krhqS98KW
         H8sjiGMlcgDtm7HGHZaKnLrwEkgVmm1NOsYa+OFqLk1wQsqnzK31O+kxEifdno4IZ1wF
         rNTu68tcQxBBHAeCvGKq7GNGfTn2r8I2YVF1QoPxbzh+uS8uv9/RrqacfiRO/y25Lq/d
         EN9XvM9Mp6Nb9VZreakZKCpMayyNCipq/0FWqBHVwts5E/j2Tu97mNVTXkmysZF1b22b
         GIJLaZHgLCuTYukIncNEsg3kPIl4AYOZgsLwUOzh1rHSN13zE92apkaubOzCtmquC89L
         obGw==
X-Forwarded-Encrypted: i=1; AJvYcCUnu0g5/sbHouwzKU3ChHi9P++8s2D8GIPlqQ8Do1BoVqpK+iG8MPdMj3SzTCbK4bXDr/mUqE2j6TvtSVuC@postgresql.org
X-Gm-Message-State: AOJu0YwQQH0okPfIlasKr+NpEXuqvM8O+9F5PH+WixBCX/AR3CWRZrrE
	xo3AbvyAdaANi5TcsLFoM/0YzJ5RUi2W6SwAZKl27hM2yk1t1bNmhNof1Exg8CbWOKhYwUzAcvj
	Lo8s6tPnJv/olK7nex9fLbeV7DUw0TmWT+sW9vaef
X-Gm-Gg: ATEYQzy+xRUZjqUwssahb+YQIrkjpbeBMNSCGIEzahB86A8tooPtwqFQRIm23mxQtCQ
	BIoOvZDYDztpppXlGR0b/3Xd2NOdGF6P8SRVSaXF93EKqddCaWXiF85y3lTvkwl5BxIee22jHoW
	F992YOfufpvw5/BhACk9AcYOvOMV02Q+D90Td1igJPebYG78bnuwnI8ciu6Gs9rAOb/fjr1ONki
	JXUgIAz3Ly4YWR5pfpajwtkVh2GEi7wcbzxEdVWVOYOyvvpVIG8MiGLdLCauoMzwy030IRPnEF3
	NDQyXRkpZQ==
X-Received: by 2002:a05:6214:2481:b0:899:be2b:68f5 with SMTP id
 6a1803df08f44-899d1e37adbmr71725596d6.34.1772239911682; Fri, 27 Feb 2026
 16:51:51 -0800 (PST)
MIME-Version: 1.0
References: <d57duqvzkxe43oons3jkdq7pj2wacidg7qorxommri74evu3l2@4x53she7mf77>
 <D1EC4B00-9593-488F-916D-090A73E69B4E@yesql.se> <CAOYmi+nkT7rkbNd6que0wtz=epOikgBKSDR88DQ=cyNJwiUw8Q@mail.gmail.com>
 <srua2tidoiztaytmxlwjfpjhntxelmxpfta4lhulvlker444yg@sf232zqm3qvs>
 <CAOYmi+k7v6hP5nM7BQdKu37TJFi-X=d7_SDswZBV5q0awxPVYg@mail.gmail.com> <qyw7l5ztbqouluctxgbxc2aty43suulka2q4ybpaew4tey7rlw@l66rjb7vxxhk>
In-Reply-To: <qyw7l5ztbqouluctxgbxc2aty43suulka2q4ybpaew4tey7rlw@l66rjb7vxxhk>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Fri, 27 Feb 2026 16:51:40 -0800
X-Gm-Features: AaiRm50zERfwJDmEOggAHPrX_uAqNdWYmYB9KkejCyWSbPGJC8f5auPrjiM56mY
Message-ID: <CAOYmi+=r50Kk1c7A7O8yXwJzALyyqDmQE7FiCZvZmt_3WRBGwQ@mail.gmail.com>
Subject: Re: Add ssl_(supported|shared)_groups to sslinfo
To: Dmitry Dolgov <9erthalion6@gmail.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CAOYmi%2B%3Dr50Kk1c7A7O8yXwJzALyyqDmQE7FiCZvZmt_3WRBGwQ%40mail.gmail.com>
Precedence: bulk

On Fri, Feb 27, 2026 at 10:57=E2=80=AFAM Dmitry Dolgov <9erthalion6@gmail.c=
om> wrote:
> I take it as an argument that
> expanding sslinfo goal and focus is not a problem, as long as it's
> clearly communicated and documented. What do you think?

Yeah -- as long as the API stays coherent, I have no issue with
expanding sslinfo's capabilities.

>     select * from ssl_group_info();
>         type    |        name
>     ------------+--------------------
>      negotiated | X25519MLKEM768
>      shared     | X25519MLKEM768
>      shared     | x25519
>      supported  | X25519MLKEM768
>      supported  | x25519

Hmm, I'm developing strong opinions over something I said I didn't
feel strongly about. Sorry...

The type names "negotiated", "shared" and "supported" don't really
tell me much as an end user. I know, as a dev, that "negotiated" is
the one that was chosen, "supported" is what the client provided, and
"shared" is the intersection of the client and server sets. But I
think it'd be good to choose names that are either based on the
official TLS specification, or immediately clear to someone who is not
well-versed in TLS to begin with, as opposed to using OpenSSL's
internal API names.

Also, I feel like this is still missing the server side of the Venn diagram=
.

Also also: if we later expose a version of this table for the
ciphersuites or other negotiated parameters, is this how we'd want the
table to look? What did you care most about when you were debugging?

--Jacob