Skip site navigation (1) Skip section navigation (2)

SSL/TLS support (Was: Re: 7.3.1 stamped)

From: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>,Nathan Mueller <nmueller(at)cs(dot)wisc(dot)edu>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: SSL/TLS support (Was: Re: 7.3.1 stamped)
Date: 2002-12-19 02:30:18
Message-ID: 20021218222737.C63985-100000@hub.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Wed, 18 Dec 2002, Bruce Momjian wrote:

> scott.marlowe wrote:
> > > I wasn't sure how insecure SSL2 was, and whether it allowed you to
> > > authenticate without a password or something.
> >
> > SSL2 seems to get a lot of votes for being broken in ways that cannot be
> > fixed because they aren't simple buffer overflows.  see:
> >
> > http://www.lne.com/ericm/papers/ssl_servers.html#1.2
> >
> > My suggestion would be to eventually phase out ssl2 in favor of ssl3 or
> > tls.  And, as we are phasing it out, make it an opt-in thing, where the
> > dba has to turn on ssl2 KNOWING he is turning on a flawed protocol.
>
> That was sort of my point --- if we allow SSLv2 in the server, are we
> open to any security problems?  Maybe not.  I just don't know.

My understanding of SSL/TLS is that the DBA himself has to enable it ...
there has to be a server/client key setup, similar to how it gets done
with Apache for https connections ... can someone confirm whether this is
the case?

In response to

Responses

pgsql-hackers by date

Next:From: Marc G. FournierDate: 2002-12-19 02:34:07
Subject: Re: 7.3.1 stamped
Previous:From: Christopher Kings-LynneDate: 2002-12-19 02:14:13
Subject: Fancy ADD COLUMN

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group