Re: PostgreSQL - Weak DH group

On 07/13/2017 08:04 PM, Alvaro Herrera wrote:
> Michael Paquier wrote:
>> On Thu, Jul 13, 2017 at 5:32 PM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>
>>> Objections to committing this now, instead of waiting for v11?
>>
>> But I am -1 for the sneak part. It is not the time to have a new
>> feature in 10, the focus is to stabilize.
>
> But if we were treating it as a security issue, would we backpatch it?
> If we do, then it definitely makes sense to put something in pg10. I'm
> not sure that this patch is it, though -- perhaps it makes sense to put
> a minimal fix in older branches, and let the new feature wait for pg11?

I don't think this can be backpatched. It changes the default DH
parameters from 1024 bits to 2048 bits. That's a good thing for
security, but older clients might not support it, and would refuse to
connect or would fall back to something less secure. I don't think there
are many such clients around anymore, but it's nevertheless not
something we want to do in a stable release I think the best we can do
is to document the issue and the workaround. To recap, to use stronger
DH parameters in stable versions, you need to do "openssl dhparam -out
$PGDATA/dh1024.pem 2048".

But I'd like to take the opportunity to change this for new
installations, with v10, instead of waiting for another year. Of course,
you could say that for any new feature, too, but that doesn't
necessarily mean that it's a bad argument :-). It's a judgment call, for
sure.

- Heikki