| From: | Florian Weimer <fweimer(at)redhat(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)2ndquadrant(dot)com>, Emil Lenngren <emil(dot)lenngren(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL renegotiation |
| Date: | 2015-02-23 14:15:31 |
| Message-ID: | 54EB3603.1010506@redhat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 02/22/2015 02:05 PM, Andres Freund wrote:
> On 2015-02-22 01:27:54 +0100, Emil Lenngren wrote:
>> I honestly wonder why postgres uses renegotiation at all. The motivation
>> that cryptoanalysis is easier as more data is sent seems quite
>> far-fetched.
>
> I don't think so. There's a fair number of algorithms that can/could be
> much easier be attached with lots of data available. Especially if you
> can guess/know/control some of the data. Additionally renegotiating
> regularly helps to constrain a possible key leagage to a certain amount
> of time. With backend connections often being alive for weeks at a time
> that's not a bad thing.
Renegotiation will be removed from future TLS versions because it is
considered unnecessary with modern ciphers:
<https://github.com/tlswg/tls13-spec/issues/38>
If ciphers require rekeying, that mechanism will be provided at the TLS
layer in the future.
I think you could remove renegotiation from PostgreSQL as long as you
offer something better than RC4 in the TLS handshake.
--
Florian Weimer / Red Hat Product Security
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albe Laurenz | 2015-02-23 15:01:04 | Re: SSL renegotiation |
| Previous Message | Michael Paquier | 2015-02-23 14:15:27 | Re: pg_dump gets attributes from tables in extensions |