Re: [PATCH] add ssl_protocols configuration option

From: Dag-Erling Smørgrav <des(at)des(dot)no>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] add ssl_protocols configuration option
Date: 2014-10-22 13:12:19
Message-ID: 86d29kdz9o.fsf@nine.des.no
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> This looks to me like re-fighting the last war. Such a GUC has zero value
> *unless* some situation exactly like the POODLE bug comes up again, and
> the odds of that are not high.

Many people would have said the exact same thing before POODLE, and
BEAST, and CRIME, and Heartbleed. You never know what sort of bugs or
weaknesses will show up or when; all you know is that there are a lot of
people working very hard to find these things and exploit them, and that
they *will* succeeded, again and again and again. You can gamble that
PostgreSQL will not be vulnerable due to specific details of its
protocol or how it uses TLS, but that's a gamble which you will
eventually lose.

> Moreover, the GUC could easily be misused to decrease rather than increase
> one's security, if it's carelessly set.

That's the user's responsibility.

DES
--
Dag-Erling Smørgrav - des(at)des(dot)no

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Dag-Erling Smørgrav 2014-10-22 13:14:26 Re: [PATCH] add ssl_protocols configuration option
Previous Message Heikki Linnakangas 2014-10-22 13:02:50 Re: Obsolete reference to _bt_tuplecompare() within tuplesort.c