Support tls-exporter as channel binding for TLSv1.3

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Cc: Jacob Champion <jchampion(at)timescale(dot)com>
Subject: Support tls-exporter as channel binding for TLSv1.3
Date: 2022-08-29 06:02:01
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Hi all,

RFC9266, that has been released not so long ago, has added
tls-exporter as a new channel binding type:

An advantage over tls-server-end-point, AFAIK, is that this prevents
man-in-the-middle attacks even if the attacker holds the server's
private key, which was the kind of job that tls-unique does for
TLSv1.2, though we've decided at the end to drop it during the PG11
dev cycle because it does things poorly.

This patch provides an implementation, tests and documentation for the
so-said feature. An environment variable called PGCHANNELBINDINGTYPE
is added, as well as new connection parameter called
channel_binding_type. The key point of the implementation is
SSL_export_keying_material(), that is available down to 1.0.1 (oldest
version supported on HEAD), so this should not require a ./configure

Perhaps the part about the new libpq parameter could be refactored as
of its own patch, with the addition of channel_binding_type in the
SCRAM status structures. Note also that tls-exporter is aimed for
TLSv1.3 and newer protocols, but OpenSSL allows the thing to work with
older protocols (testable with ssl_max_protocol_version, for example),
and I don't see a need to prevent this scenario. An extra thing is
that attempting to use tls-exporter with a backend <= 15 and a client
>= 16 causes a failure during the SASL exchange, where the backend
complains about tls-exporter being unsupported.

Jacob Champion should be considered as the primary author of the
patch, even if I have spent some time on this patch before sending it
here. I am adding that to the next commit fest.


Attachment Content-Type Size
0001-tls-exporter-as-channel-binding-for-SCRAM-SSL.patch text/x-diff 16.2 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Ajin Cherian 2022-08-29 06:14:57 Re: Support logical replication of DDLs
Previous Message Nathan Bossart 2022-08-29 05:44:49 Re: use ARM intrinsics in pg_lfind32() where available