Type: string
Default: X25519:prime256v1
Context: sighup
Restart: false
Since: 18

Specifies the name of the curve to use in ECDH key exchange. It needs to be supported by all clients that connect. Multiple curves can be specified by using a colon-separated list. It does not need to be the same curve used by the server's Elliptic Curve key. This parameter can only be set in the postgresql.conf file or on the server command line. The default is X25519:prime256v1.

OpenSSL names for the most common curves are: prime256v1 (NIST P-256), secp384r1 (NIST P-384), secp521r1 (NIST P-521). An incomplete list of available groups can be shown with the command openssl ecparam -list_curves. Not all of them are usable with TLS though, and many supported group names and aliases are omitted.

In PostgreSQL versions before 18.0 this setting was named ssl_ecdh_curve and only accepted a single value.
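The rename and the single-value restriction are easy to miss when a postgresql.conf is carried across major versions. The following check is an added example, not part of the PostgreSQL documentation or code base; the function name audit_tls_groups, the finding codes and the sample configuration are assumptions made for illustration, and the list of known names is limited to the ones this page mentions.

```python
import re

# Group names that appear on this page; OpenSSL accepts others as well.
PAGE_GROUPS = {"x25519", "prime256v1", "secp384r1", "secp521r1"}
# `name = 'value'`, `name = value` or `name value`; commented-out lines do not match.
SETTING = re.compile(
    r"^\s*(ssl_groups|ssl_ecdh_curve)(?:\s*=\s*|\s+)'?([^'#\s]*)'?", re.I)

def audit_tls_groups(conf_text, server_major):
    """Return (line number, code, detail) findings for the ECDH group setting."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = SETTING.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        groups = [g for g in value.split(":") if g]
        if server_major >= 18 and name == "ssl_ecdh_curve":
            findings.append((lineno, "old-name", "named ssl_groups since 18"))
        if server_major < 18 and name == "ssl_groups":
            findings.append((lineno, "name-needs-18", "use ssl_ecdh_curve before 18"))
        if server_major < 18 and len(groups) > 1:
            findings.append((lineno, "single-value-only", value))
        for g in groups:
            # Not an error by itself: the name is just not one listed on this page.
            if g.lower() not in PAGE_GROUPS:
                findings.append((lineno, "unlisted-group", g))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
ssl = on
ssl_ecdh_curve = 'X25519:prime256v1'   # carried over from an older file
#ssl_groups = 'secp384r1'
ssl_groups = 'X25519:prime256v2'       # typo in the second name
"""

if __name__ == "__main__":
    for major in (17, 18):
        for finding in audit_tls_groups(SAMPLE_CONF, major):
            print(major, *finding)
```

An unlisted-group finding only means the name should be checked against the OpenSSL build in use, since the page notes that the list of usable groups is incomplete.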
