| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Steven Fackler <sfackler(at)gmail(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Supporting tls-server-end-point as SCRAM channel binding for OpenSSL 1.0.0 and 1.0.1 |
| Date: | 2018-06-11 14:47:23 |
| Message-ID: | 9fd5cd12-6c62-5730-8db5-95dceb209912@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 6/6/18 16:16, Steven Fackler wrote:
> TLS 1.3, (which is currently in a draft state, but is theoretically
> being finalized soon) does not support the TLS channel binding
> algorithms [1]. From talking with one of the people working on the TLS
> 1.3 standard, tls-unique is seen as particularly problematic. There's
> some discussion on the IETF mailing lists from a couple of years ago [2].
I think we'll just have to wait for an updated RFC on channel bindings
for TLS 1.3.
Perhaps we should change PostgreSQL 11 to not advertise channel binding
when TLS 1.3 is used?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2018-06-11 14:49:01 | Re: SCRAM with channel binding downgrade attack |
| Previous Message | David Rowley | 2018-06-11 14:40:25 | Re: why partition pruning doesn't work? |