From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de> |
Subject: | Re: Force disable of SSL renegociation in the server |
Date: | 2021-05-20 12:15:52 |
Message-ID: | F10B1EDA-5771-4F8B-832B-D2A33E4D9077@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On 20 May 2021, at 13:00, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> - SSL_OP_NO_RENEGOTIATION controls that. It is present in OpenSSL >=
> 1.1.1 and has been backported in 1.1.0h (it is not present in older
> versions of 1.1.0).
For OpenSSL 1.1.0 versions < 1.1.0h it will be silently accepted without
actually doing anything, so we might want to combine it with the below.
> - In 1.0.2 and older versions, OpenSSL has an undocumented flag called
> SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS, able to do the same as far as I
> understand.
Well, it's documented in the changelog that it's undocumented (sigh..) along
with a note stating that it works like SSL_OP_NO_RENEGOTIATION. Skimming the
code it seems to ring true. For older OpenSSL versions there's also
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which controls renegotiation for an
older OpenSSL reneg bug. That applies to 0.9.8 versions which we don't
support, but a malicious user can craft whatever they feel like so maybe we
should ensure it's off as well?
> Could there be a point in backpatching that, in light of what we have done in
> 48d23c72 in the past, though?
I think there is merit to that idea, especially given the precedent.
> Thoughts?
+ /* disallow SSL renegociation, option available since 1.1.0h */
s/renegociation/renegotiation/
+1 on disabling renegotiation, but I think it's worth considering using
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS as well. One could also argue that extending
the comment with a note that it only applies to TLSv1.2 and lower could be
helpful to readers who aren't familiar with TLS protocol versions. TLSv1.3 did
away with renegotiation.
--
Daniel Gustafsson https://vmware.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Amit Langote | 2021-05-20 12:22:52 | Re: Skip partition tuple routing with constant partition key |
Previous Message | Ashutosh Bapat | 2021-05-20 12:13:32 | Diagnostic comment in LogicalIncreaseXminForSlot |