Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

From: Andres Freund <andres(at)anarazel(dot)de>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgreSQL(dot)org
Subject: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
Date: 2015-06-24 14:41:48
Message-ID: 20150624144148.GQ4797@alap3.anarazel.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 2015-06-23 14:33:21 -0400, Tom Lane wrote:
> I do not know at this point whether these behaviors are really the same
> bug or not, but I wonder whether it's time to consider back-patching the
> renegotiation fixes we did in 9.4.

I, by now, have come to a different conclusion. I think it's time to
entirely drop the renegotiation support.

While there's a security benefit of renegotiation by limiting the amount
of leaked data in case either client or server is exploited while the
connection is ongoing, the reality is that the renegotiation support in
openssl just isn't up to the task.

Both Heikki and I have spent a considerable amount of time trying to
find workarounds for the renegotiation bugs in openssl, but so far I
don't think that's bullet proof. Additionally the track record of
renegotiation both in ssl specification and in the openssl specification
is that it opens many more security holes than it fixes.

Greetings,

Andres Freund

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2015-06-24 14:45:18 Re: UPSERT on partition
Previous Message Robert Haas 2015-06-24 14:38:38 Re: UPSERT on partition