| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Euler Taveira <euler(at)timbira(dot)com>, Florian Pflug <fgp(at)phlo(dot)org>, Pgsql Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: default SSL compression (was: libpq compression) |
| Date: | 2013-01-02 13:03:20 |
| Message-ID: | CABUevExzxT8bM+d=m6W8PYx5YojaNC6eVhEKvfCvYkiyRKEu2Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Noah Misch <noah(at)leadboat(dot)com> writes:
> > On Tue, Jan 01, 2013 at 04:29:35PM +0100, Magnus Hagander wrote:
> >> On Thu, Aug 30, 2012 at 11:41 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> >>> Do we want to change our ssl_ciphers default to 'DEFAULT'? Currently it
> >>> is 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'.
>
> >> Did we ever get anywhere with this? Is this a change we want to do for 9.3?
> >> Since nobody seems to have come up with a motivation for not following the
> >> openssl default, we probably should?
>
> > +1 for doing that. I'm not aware of a PostgreSQL-specific selection criterion
> > for SSL cipher suites.
>
> I did a bit of digging in the commit logs. The current default was
> introduced in commit 17386ac45345fe38a10caec9d6e63afa3ce31bb9. So far
> as I can find, the only discussion leading up to that patch was the
> thread starting at
> http://archives.postgresql.org/pgsql-interfaces/2003-04/msg00075.php
> which only discusses the key renegotiation interval, not anything about
> selecting the allowed ciphers. What's more, one might be forgiven for
> suspecting that the cipherset string wasn't too carefully researched
> after noticing that it wasn't even spelled correctly in that commit.
Yeah, clearly seems that way.
> So +1 for changing it to "DEFAULT" from me, too. There's no reason to
> think we know more about this than the OpenSSL authors.
>
The DEFAULT value in OpenSSL 1.0 means "ALL:!aNULL:!eNULL".
Researching some more, this might cause a problem actually, which
would explain some of the things that are in our default. For example,
an ADH algorithm doesn't use certificates - but it uses DH parameters,
so it likely won't work anyway. EDH uses certs, but also requires DH
parameters.
Maybe what we nede is "DEFAULT:!ADH:@STRENGTH" as the default?
The other difference is that our current string denies 40 and 56 bit
encryptions (low and export strenghts). Do we stll want to do that?
Finally we deny MD5 - I have no idea why we do that.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2013-01-02 13:25:48 | Re: pgsql: Unify some tar functionality across different parts |
| Previous Message | Boszormenyi Zoltan | 2013-01-02 12:59:50 | [PATCH] Factor out pg_malloc and friends into port code |