Re: Recent vendor SSL renegotiation patches break PostgreSQL

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Chris Campbell <chris_campbell(at)mac(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL
Date: 2010-02-23 11:03:43
Message-ID: 9837222c1002230303u5ae16e1dufdfbd30f3486533f@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

2010/2/22 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> 2010/2/22 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>> You'd still have to turn it off on the server side if you have a
>> *single* client that has the broken patch, but that's still a lot
>> better than nothing.
>
> Well, if it's a GUC it can be set per-user or per-database, so there's
> at least some hope of not having to turn it off for everyone.
>
>> Think it's worth taking a stab at?
>
> If you want to do it, I'd be fine with it.

Seems easy enough, see attached. Comments?

This version is set to superuser only. It's a security related
feature, so just letting a random user turn it off may be seen as
wrong. On the other hand, this is just about the connection security,
and if we have a malicious user on the other end, he can do a lot
worse things than disable renegotiation (such as resending the
plaintext after it's been decrypted).

I'd therefore suggest we make it USERSET. Anything wrong in that discussion?

(That would also for example allow npgsql to always set it to 0, if
it's known to be broken)

Also, do we want to add a specific <note> to the documentation saying
this is the way around broken SSL libraries? Or leave that to release
notes? Or just leave it to the mailinglist archives?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Attachment Content-Type Size
ssl_renegotiate.patch application/octet-stream 3.5 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2010-02-23 11:04:41 Re: Recent vendor SSL renegotiation patches break PostgreSQL
Previous Message Magnus Hagander 2010-02-23 09:56:28 Re: SR/libpq - outbound interface/ipaddress binding