Skip site navigation (1) Skip section navigation (2)

Re: Speed of SSL connections; cost of renegotiation

From: Sean Chittenden <sean(at)chittenden(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org
Subject: Re: Speed of SSL connections; cost of renegotiation
Date: 2003-04-11 02:58:25
Message-ID: 20030411025825.GK79923@perrin.int.nxad.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-interfaces
> >> So, questions for the group: where did the decision to renegotiate
> >> every 64K come from?  Do we need it at all?  Do we need it at such a
> >> short interval?  And if we do need it, shouldn't the logic be
> >> symmetric, so that renegotiations are forced during large input
> >> transfers as well as large output transfers?
> 
> > It doesn't look like there's any guidance from mod_ssl in Apache 2.0.
> 
> Yeah, I looked at mod_ssl before sending in my gripe.  AFAICT Apache
> *never* forces a renegotiation based on amount of data sent --- all
> that code is intended just to handle transitions between different
> webpages with different security settings.  So is that a precedent
> we can follow; or is it an optimization based on the assumption that
> not a lot of data will be transferred on any one web page?

I'd assume it's a precedent we can follow given that mod_ssl was
written by the same crew that did openssl.  That said, I hope that
Ralf knows his stuff, nevermind that I haven't seen anyone jump all
over Apache for not-renegotiating its keys (and quite a few folks have
looked at that).  My best guess is that you only have to key the
session once and only need to renegotiate that key if you change
cyphers or are worried about someone obtaining a key.... that said,
OpenSSH does rekey periodically, but I think those guys are overly
paranoid.  Even still, OpenSSH rekeys every 10min I think, not every
64K.

>From sshd(8):

     -k key_gen_time
             Specifies how often the ephemeral protocol version 1 server key
             is regenerated (default 3600 seconds, or one hour).  The motiva-
             tion for regenerating the key fairly often is that the key is not
             stored anywhere, and after about an hour, it becomes impossible
             to recover the key for decrypting intercepted communications even
             if the machine is cracked into or physically seized.  A value of
             zero indicates that the key will never be regenerated.

Drat, close: once every hour.  I think it'd be safe to jack that puppy
pretty high or to use a time based rekeying, not data transfer based.
Seconds since epoc since last rekeying should always be less than
3600?  Don't know that we'd want to poll gettimeofday() does
postgresql have any timer code sitting around in the tree?

> (But even if you assume the latter, there are plenty of web pages
> with more than 64K of data.  It's hard to believe mod_ssl would be
> built like that if security demands a renegotiation every 64K or
> so.)

Hopefully it takes less than one hour for an HTTP request to go
through, regardless of the size.

-- 
Sean Chittenden


In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2003-04-11 03:05:53
Subject: Re: Speed of SSL connections; cost of renegotiation
Previous:From: Tom LaneDate: 2003-04-11 02:54:41
Subject: Re: [HACKERS] More thoughts about FE/BE protocol

pgsql-interfaces by date

Next:From: Tom LaneDate: 2003-04-11 03:05:53
Subject: Re: Speed of SSL connections; cost of renegotiation
Previous:From: Tom LaneDate: 2003-04-11 02:54:41
Subject: Re: [HACKERS] More thoughts about FE/BE protocol

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group