Improve errors when setting incorrect bounds for SSL protocols

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>
Subject: Improve errors when setting incorrect bounds for SSL protocols
Date: 2020-01-14 03:54:20
Message-ID: 20200114035420.GE1515@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi all,
(Daniel G. in CC.)

As discussed on the thread to be able to set the min/max SSL protocols
with libpq, when mixing incorrect bounds the user experience is not
that good:
https://www.postgresql.org/message-id/9CFA34EE-F670-419D-B92C-CB7943A27573@yesql.se

It happens that the error generated with incorrect combinations
depends solely on what OpenSSL thinks is fine, and that's the
following:
psql: error: could not connect to server: SSL error: tlsv1 alert
internal error

It is hard for users to understand what such an error means and how to
act on it.

Please note that OpenSSL 1.1.0 has added two routines to be able to
get the min/max protocols set in a context, called
SSL_CTX_get_min/max_proto_version. Thinking about older versions of
OpenSSL I think that it is better to use
ssl_protocol_version_to_openssl to do the parsing work. I also found
that it is easier to check for compatible versions after setting both
bounds in the SSL context, so as there is no need to worry about
invalid values depending on the build of OpenSSL used.

So attached is a patch to improve the detection of incorrect
combinations. Once applied, we get a complain about an incorrect
version at server startup (FATAL) or reload (LOG). The patch includes
new regression tests.

Thoughts?
--
Michael

Attachment Content-Type Size
ssl-proto-context-v1.patch text/x-diff 5.2 KB

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2020-01-14 04:28:32 Re: logical decoding : exceeded maxAllocatedDescs for .spill files
Previous Message Kyotaro Horiguchi 2020-01-14 03:49:32 Re: Protect syscache from bloating with negative cache entries