| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Postgres Hackers List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL: better default ciphersuite |
| Date: | 2013-12-12 14:32:07 |
| Message-ID: | 20131212143207.GA26785@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Dec 12, 2013 at 01:33:57PM +0100, Magnus Hagander wrote:
> On Thu, Dec 12, 2013 at 11:30 AM, Marko Kreen <markokr(at)gmail(dot)com> wrote:
> > On Wed, Dec 11, 2013 at 10:08:44PM -0500, Tom Lane wrote:
> > I know that SChannel SSL library in Windows XP (and earlier) is such
> > RC4+3DES only implementation, but I have not heard about anything
> > using it to connect to Postgres.
> >
> > Also I have not heard about any Postgres clients actually allowing
> > to configure ciphers, so my impression all client libraries
> > use defaults, which usually prefer AES anyway.
> >
>
> I don't know, but I would assume that npgsql which sit on top of dotnet,
> would sit on top of schannel in the end.
Probably yes.
> That said, this is XP and earlier, right? Newer versions of Windows have
> better defaults?
Yes, since Vista it supports AES:
http://msdn.microsoft.com/en-us/library/windows/desktop/ff468651%28v=vs.85%29.aspx
> > So my new proposal would be to pick one from following defaults:
> >
> > 1) HIGH:+3DES:!aNULL - disables RC4, orders 3DES last.
> >
> > 2) HIGH:MEDIUM:+3DES:!aNULL - no suite changes from current one,
> > except 3DES is ordered last.
> >
> > +3DES reorders already picked 3DES suites to the end. As my
> > impression is that no clients ever have actually used 3DES,
> > it's fine to use !3DES there. It's clearer too. But if max
> > compatibility is goal, then +3DES is better.
> >
> > It's not as nice and simple as I hoped though. :(
> >
>
> We definitely want to explain in a comment next to the default value the
> exact reasoning behind the default value, I think. That doesn't mean people
> will understand it, but it means they at least have a chance.
>
> That said, #2 seems reasonable I think, but I wouldn't object to #1 either
> :)
Although I don't think that making .NET users on XP use 3DES is a big
problem, there is also no urgent need to drop RC4, as long as all
reasonable alternatives are used first.
Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
and also adds documentation about reasoning for it. (I tried to be
consistent there about "cipher" vs. "cipher suite", not sure whether
I succeeded.)
Summary: this default with previous server-order-first patch make sure
that MEDIUM ciphers are never picked accidentally (eg. the bad default
in Java 6), but only when explicitly requested or when only alternative
is 3DES.
--
marko
| Attachment | Content-Type | Size |
|---|---|---|
| ssl.default.v2.patch | text/x-diff | 3.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Florian Pflug | 2013-12-12 14:39:36 | Re: ANALYZE sampling is too good |
| Previous Message | MauMau | 2013-12-12 14:12:04 | pg_stat_statements shows too short COMMIT time |