Re: Post-CVE Wishlist

On 09/12/2021 17:24, Peter Eisentraut wrote:
> On 07.12.21 19:49, Jacob Champion wrote:
>>> = Implicit TLS =
>> Reactions to implicit TLS were mixed, from "we should not do this" to
>> "it might be nice to have the option, from a technical standpoint".
>> Both a separate-port model and a shared-port model were tentatively
>> proposed. The general consensus seems to be that the StartTLS-style
>> flow is currently sufficient from a security standpoint.
>>
>> I didn't see any responses that were outright in favor, so I think my
>> remaining question is: are there any committers who think a prototype
>> would be worth the time for a motivated implementer?
>
> I'm quite interested in this. My next question would be how complicated
> it would be. Is it just a small block of code that peaks at a few bytes
> and decides it's a TLS handshake? Or would it require a major
> restructuring of all the TLS support code? Possibly something in the
> middle.

ProcessStartupPacket() currently reads the first 4 bytes coming from the
client to decide what kind of a connection it is, and I believe a TLS
ClientHello message always begins with the same sequence of bytes, so it
would be easy to check for.

You could use recv(.., MSG_PEEK | MSG_WAITALL) flags to leave the bytes
in the OS buffer. Not sure how portable that is, though. Alternatively,
you could stash them e.g. in a global variable and modify
secure_raw_read() to return those bytes first.

Overall, doesn't seem very hard to me.

- Heikki