| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | balaji(dot)chithambaram(at)capitalone(dot)com |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #14395: sslmode=prefer not checking for certificate and allows connection as SSL |
| Date: | 2016-10-25 14:21:23 |
| Message-ID: | 20161025142123.72avv5hxo224srmo@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 2016-10-25 13:50:16 +0000, balaji(dot)chithambaram(at)capitalone(dot)com wrote:
> The following bug has been logged on the website:
>
> Bug reference: 14395
> Logged by: Balaji Chithambaram
> Email address: balaji(dot)chithambaram(at)capitalone(dot)com
> PostgreSQL version: 9.5.4
> Operating system: Red Hat Enterprise Linux Server release 6.8
> Description:
>
> When we use default client method sslmode=prefer expected behaviour is to
> try ssl connection by validating the certificate and then if it doesn't go
> for non-SSL connection. But sslmode=prefer goes to SSL connection without
> checking certificate provided.
>
> This gives an option if any servers ip configured for ssl connection can be
> spoofed by with same ip, though we enforced ssl with certificate, it can
> connect with out actual certificate and defeats the purpose.
If somebody can MITM the connection, they can also fake not supporting
SSL. sslmode=prefer simply isn't an adequate protection against that,
and you need to use sslmode=verify-ca or verify-full.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chithambaram, Balaji (CONT) | 2016-10-25 14:41:34 | Re: BUG #14395: sslmode=prefer not checking for certificate and allows connection as SSL |
| Previous Message | balaji.chithambaram | 2016-10-25 13:50:16 | BUG #14395: sslmode=prefer not checking for certificate and allows connection as SSL |