PostgreSQL - Weak DH group

From: Nicolas Guini <nicolasguini(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Damian Quiroga <qdamian(at)gmail(dot)com>, hlinnaka(at)iki(dot)fi
Subject: PostgreSQL - Weak DH group
Date: 2016-10-05 14:15:34
Message-ID: CAMxBoUyjOOautVozN6ofzym828aNrDjuCcOTcCquxjwS-L2hGQ@mail.gmail.com
Lists: pgsql-hackers

Hello everyone,

A few days ago I sent a mail to the security DL reporting a vulnerability in
how Postgres is requesting DH params to be used later for encryption
algorithms. Since there is no problem sharing it with this group, here is
what I sent:

------------------------------------------------------------------------------------------------------------------------------------------
Hi folks,

We are working with Postgres 9.3.14 and, executing nmap, we
found that it is using a “weak DH group” (nmap --script ssl-dh-params). Weak =
1024 bits.

See nmap output (1)

We don’t know if other versions are affected or not. The
environment used is a RHEL 6 x86_6, OpenSSL version 1.0.2i with FIPS module.

This issue is similar to what this post explains about using weak DH
parameters: http://www.usefuljs.net/2016/09/29/imperfect-forward-secrecy/

Following the code, it seems that PostgreSQL has
missed the keyLength OpenSSL parameter, which leads to a weak crypto
configuration. Affected code:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/be-secure-openssl.c;h=8d8f12952a4a4f14a15f8647b96935e13d68fb39;hb=48d50840d53eb62842c0d9b54eab9cd7c9a3a46d

(Thanks to Damian for finding the affected code)

(1) nmap output:

# nmap --script ssl-dh-params -p 5432 <ip>

Starting Nmap 7.25BETA2 ( https://nmap.org )
Nmap scan report for <ip>
Host is up (0.00035s latency).
PORT STATE SERVICE
5432/tcp open postgresql
| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use Diffie-Hellman groups
| of insufficient strength, especially those using one of a few commonly
| shared groups, may be susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 1024
| Generator Length: 8
| Public Key Length: 1024
| References:
|_ https://weakdh.org

------------------------------------------------------------------------------------------------------------------------------------------

Thanks in advance

Nicolas Guini
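
For auditing several servers for the finding reported above, the following is an added example (not part of the original message and not PostgreSQL code) that parses saved `ssl-dh-params` output and lists every DH group below a minimum modulus size. The sample input is constructed and abridged, the addresses are documentation addresses, and the 2048-bit default threshold is an assumed policy value.

```python
import re

# Constructed, abridged sample in the format of the nmap output quoted above.
SAMPLE = """\
Nmap scan report for 192.0.2.10
5432/tcp open  postgresql
| ssl-dh-params:
|   VULNERABLE:
|   Diffie-Hellman Key Exchange Insufficient Group Strength
|     State: VULNERABLE
|     Check results:
|       WEAK DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 1024
|             Public Key Length: 1024
|     References:
|_      https://weakdh.org
Nmap scan report for 192.0.2.11
5432/tcp open  postgresql
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
PORT = re.compile(r"^(\d+)/tcp\s+open")
GROUP = re.compile(r"^\|[_ ]\s*(?:WEAK )?DH GROUP \d+\s*$")
FIELD = re.compile(r"^\|[_ ]\s*(Cipher Suite|Modulus Type|Modulus Source|"
                   r"Modulus Length|Generator Length|Public Key Length): (.+)$")

def dh_groups(text):
    """Return one dict per DH group in the scan output, tagged with host/port."""
    host = port = None
    groups, in_group = [], False
    for line in text.splitlines():
        if m := HOST.match(line):
            host, port, in_group = m.group(1), None, False
        elif m := PORT.match(line):
            port, in_group = int(m.group(1)), False
        elif GROUP.match(line):
            groups.append({"host": host, "port": port})
            in_group = True
        elif in_group and (m := FIELD.match(line)):
            groups[-1][m.group(1)] = m.group(2).strip()
    return groups

def weak_groups(text, min_bits=2048):
    """Groups whose modulus is shorter than min_bits (assumed policy value)."""
    return [g for g in dh_groups(text)
            if int(g.get("Modulus Length", 0)) < min_bits]
```

A group with no parsed "Modulus Length" is treated as 0 bits and therefore reported, so incomplete output is flagged for review instead of being passed silently.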
