Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vubVx-00FUCa-0l
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 23 Feb 2026 19:22:41 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vubVv-00Ejwl-1o
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 23 Feb 2026 19:22:39 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vubVv-00Ejwd-0o
	for pgsql-hackers@lists.postgresql.org;
	Mon, 23 Feb 2026 19:22:39 +0000
Received: from mail-qv1-xf33.google.com ([2607:f8b0:4864:20::f33])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vubVq-00000000ulc-3Lrl
	for pgsql-hackers@postgresql.org;
	Mon, 23 Feb 2026 19:22:37 +0000
Received: by mail-qv1-xf33.google.com with SMTP id 6a1803df08f44-89473f15ed8so42657266d6.2
        for <pgsql-hackers@postgresql.org>; Mon, 23 Feb 2026 11:22:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1771874553; cv=none;
        d=google.com; s=arc-20240605;
        b=JwK3P2QUxtGWPYtTSlU+nK6m3Vk8M57y278jpkvrXE6rO2YTkNI/j+3ZtzLRxAtyrr
         m54i7S6rGvfOqPds7ZJLbt3KD//qJlazh6FFrS22Nqfn0520iVKrBhhac/vbk0VA8Mpo
         /30YVLuWyyA0Snkl8XoniGaPqF24+FXm4PeYCVQsqBkKCg/YyCJVpKHeT2kP3puHgeRz
         4qUdnf8fudukZj43zfs0h8tGIVt4ZRmCuYgngjQDo8O7pghlHFqbx+V708e9W572h38w
         Jb/ML47UWMWZWMV7zFLfIITB4SA8Ur6lVKUu6p/uhHpJdC1v0y8T1KjaWByzVY73778A
         9G0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=rFbrN35BNNMi+Yzl4J33YTSkFrdLcJHxV18LufnMHBo=;
        fh=mGwIoLvHeCHfcqbn7wNJx1M1dH1+2jq6ZF7tPFO5D70=;
        b=MGUI5AP5YS9klmUCbh/4li1QScEEPf/0YkDh8uPbbTQy3RJktTq5NX+MMrl0t7Tuda
         M6UWl1wQk2gzULRlvsHYtiOg0ITXiPYiuBnVbo8oambjU/BeTTIUbQvvrIu1m/3Xonhm
         guouZa2hZTwz0V1P6ZAfHGvY7xmV7pLuvnXzzDBGnphQWMFpLsG1ETTxuX+nZ989mMjg
         aX1oWZYM5QMkkXojp+EOuyY2MYk8Fp5uO+sOuEAloq0HrEQI1FFZ0lKKUtGUbhco4PRX
         AofRclJ7MqRNa7k2UGGlyn2nmzj5rhK++XFsHVbn38RPOnWw1UfnNBXyH3L26IPmXDZe
         eb4w==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1771874553; x=1772479353; darn=postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=rFbrN35BNNMi+Yzl4J33YTSkFrdLcJHxV18LufnMHBo=;
        b=FLQNzBRs1eBqP+AsnqSnrqLy5Qz9TOIpDvQHxD78UeGxRJtxvL873BwQbY8NMvKQzy
         O6aIqx8pojiB9FeGTv56LIYiuS9lVlKiOwK2uH75tPSVI6iSnSgWmzJpnn8pf0DoXeG0
         EhlThDWtRCOJafsjUU4pnv7DIzP9lH6HJORb/x8eVujGrgXZAGdLUSDoDahDYKiSl6Sl
         EGHAIzeTxoUZMfvfG4M0D4pccWWutsaY6CAHd8FkblGrli2q1zsvVUPCiXVh9uzq7D+G
         dNx3YdVBTx/QyYJWycVIFo7VLSYON61LiLJKxKQjBpQzzzTA0JbJhvfZhz+pWOB9QHTy
         upKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1771874553; x=1772479353;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=rFbrN35BNNMi+Yzl4J33YTSkFrdLcJHxV18LufnMHBo=;
        b=PhN4PSmymcTzKBfZdrQ7fnDEWrDtO1bOhmsPCqV537GXKA2cGyF75y28JIYqeOxjx/
         GGPbGHEfSZdsKdcL6Krp9x+Tcgt12MTWX42uNhjvz/mUiCpcvqO2qaWD2LURTEnxCldl
         JxDA780dRklj5OO0A1wyOtMhsp4PR1FymfJ0FWS+ta+XDB9OdC0k2RZyUMjC1GVRsPkl
         UogB4iGd/L98/YsKFhRZfAuMGXA6OkGhD9xTBp0yHEv0WBux9XpQwuKcfN+YPVemV2Cz
         XcQsIkY2b2oToIvPCiKL8NF/nUQUtKqi59xKFjFLj6EKaQVsMsyELtnvEe7gYcxvR3UT
         nqQA==
X-Forwarded-Encrypted: i=1; AJvYcCWubYM1Q4d2OccG+vGH5vwXhWzADl5clQVOWtGWwfSeiudq8H6CiuOPqLrkI5Hkwx6J7buYKR2O867hGRfz@postgresql.org
X-Gm-Message-State: AOJu0YxWlRCHv9EV+gVlRExJYGT+R01saataz+I0TAdWVwK8vgqnYo/9
	/ZMfJ5R3yY56VJRCqwkxg8huZovOyRK97GMlCa3nD7O/Ak8TePopPoOaAoAyZYZk7J0JRWLEYDM
	Pavl3ZVSAF083gFBW4xTt/3SXOzM2zc2QN6aHQnck
X-Gm-Gg: ATEYQzzk0HeEtwqRITLyIC24//ZPjarBOhjMhzinoW+qcHwGfbYrKe1NbcKtM7lO35m
	gMgxm8h8XWfaOlM+RHt67RftKq07z0UvI4GZtGUMqF2j7hvS3T5pE00bQKoOZ0N/YgAb+TQGWkE
	OwCyIOSd+JRb5ZacmeMICr+d6fArBGvL8qaG9OGHn6riKaxcNudSAC4OmnX47W0KAlmxURMrvL9
	NI591oXJWLZfLCohOJULomUrWa6XXhZ+h9G1HRbp1da9ew8+Y3Hb+jp0sUY+TAGfPksOjaI5WU1
	B/l/ZlfC9A==
X-Received: by 2002:a05:6214:f07:b0:896:6c2b:2947 with SMTP id
 6a1803df08f44-89979c39b35mr151544206d6.1.1771874553129; Mon, 23 Feb 2026
 11:22:33 -0800 (PST)
MIME-Version: 1.0
References: <d57duqvzkxe43oons3jkdq7pj2wacidg7qorxommri74evu3l2@4x53she7mf77>
 <D1EC4B00-9593-488F-916D-090A73E69B4E@yesql.se> <CAOYmi+nkT7rkbNd6que0wtz=epOikgBKSDR88DQ=cyNJwiUw8Q@mail.gmail.com>
 <srua2tidoiztaytmxlwjfpjhntxelmxpfta4lhulvlker444yg@sf232zqm3qvs>
In-Reply-To: <srua2tidoiztaytmxlwjfpjhntxelmxpfta4lhulvlker444yg@sf232zqm3qvs>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Mon, 23 Feb 2026 11:22:22 -0800
X-Gm-Features: AaiRm51gWkek4aCF_NBs8wsrn7vi7pW12OwvZc3ihK8qfUcanptvDrmKhpE4Pnk
Message-ID: <CAOYmi+k7v6hP5nM7BQdKu37TJFi-X=d7_SDswZBV5q0awxPVYg@mail.gmail.com>
Subject: Re: Add ssl_(supported|shared)_groups to sslinfo
To: Dmitry Dolgov <9erthalion6@gmail.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CAOYmi%2Bk7v6hP5nM7BQdKu37TJFi-X%3Dd7_SDswZBV5q0awxPVYg%40mail.gmail.com>
Precedence: bulk

On Mon, Feb 23, 2026 at 9:58=E2=80=AFAM Dmitry Dolgov <9erthalion6@gmail.co=
m> wrote:
> No deep reason, it was just useful for some particular experiments and
> for gathering understanding of what's going on. Would you find it
> reasonable to have both, shared groups and the negotiated group, or
> having only the latter is strictly better?

Well, take this with a grain of salt, because I tend to use tools
other than sslinfo for TLS debugging. But it seems to me that all of
the sslinfo functions cater to facts about the current connection: the
client certificate, the cipher, the protocol version.

These new functions instead focus on what *might* have been, which
makes them kind of awkward. Maybe sslinfo should be expanded to give
us those tools as well, but I wonder if handshake debugging might be a
better fit for some debug logging on the server side. Or if there
might be an overall feature here -- "why did the negotiation behave
this way?" -- that could be better served by something that's not a
new array of sslinfo functions that have to be correlated with each
other.

(Also, while I was taking a look at ssl_extension_info(), I realized
that it's focused on certificate extensions and not protocol
extensions. It's kind of unfortunately named.)

--Jacob