Re: PostgreSQL - Weak DH group

From: Oskari Saarenmaa <os(at)ohmu(dot)fi>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Nicolas Guini <nicolasguini(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, Damian Quiroga <qdamian(at)gmail(dot)com>
Subject: Re: PostgreSQL - Weak DH group
Date: 2016-10-12 07:29:04
Message-ID: 54f44984-2f09-8744-927f-140a90c379dc@ohmu.fi
Lists: pgsql-hackers

On 06.10.2016 at 16:52, Heikki Linnakangas wrote:
> I propose the attached patch. It gives up on trying to deal with
> multiple key lengths (as noted earlier, OpenSSL just always passed
> keylength=1024, so that was useless). Instead of using the callback, it
> just sets fixed DH parameters with SSL_CTX_set_tmp_dh(), like we do for
> the ECDH curve. The DH parameters are loaded from a file called
> "dh_params.pem" (instead of "dh1024.pem"), if present, otherwise the
> built-in 2048 bit parameters are used.

We've been using the same built-in parameters for 14 years now; they
apparently came from
https://web.archive.org/web/20011212141438/http://www.skip-vpn.org/spec/numbers.html
(the original page is no longer available) and are shared by countless
other systems.

While we're not using the most common Oakley groups, which are presumed
to have been broken by various parties (https://weakdh.org), I think it'd
be worthwhile to replace the currently built-in parameters with custom
ones. And maybe even regenerate parameters for every minor release.

HAProxy made a similar change last year, see
https://github.com/haproxy/haproxy/commit/d3a341a96fb6107d2b8e3d7a9c0afa2ff43bb0b6

/ Oskari
