From: | Jeffrey Walton <noloader(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: fe-secure.c and SSL/TLS |
Date: | 2013-11-22 23:26:47 |
Message-ID: | CAH8yC8nZVUyCQznkQd8=ELMM4k_=uXJRjt8YF9V22Cy2x_dDjQ@mail.gmail.com |
Lists: | pgsql-bugs |
Thanks Peter.
On Fri, Nov 22, 2013 at 8:22 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On 11/12/13, 11:49 PM, Jeffrey Walton wrote:
>> I believe fe-secure.c has a few opportunities for improvement. I
>> believe the first three are feature requests/improvements, but the
>> fourth and fifth could be security vulnerabilities.
>
> Please create patches and send them to the next commit fest.
That is a pretty cool concept.
> that the current commit fest contains a few SSL-related patches, which
> might overlap with your suggestions:
> https://commitfest.postgresql.org/action/commitfest_view?id=20
I kind of disagree with this from
http://www.postgresql.org/message-id/20131114231105.GA23669@gmail.com:
    Main goal is to leave low-level ciphersuite details to
    OpenSSL guys and give clear impression to Postgres
    admins what it is about.
I would argue nothing should be left to chance, and the project should
take control of everything. But I don't really have a dog in the fight
;)
From this comment at
http://www.postgresql.org/message-id/20131114231105.GA23669@gmail.com:
    !aNULL
    Needed to disable suites that do not authenticate
    server. DEFAULT includes !aNULL by default.
If server authentication is desired, then SSL_get_verify_result should
be called in addition to the name checks when in an enterprise
environment (i.e., a CAfile was provided) or the client knows who to
trust (by whatever means).
Omitting SSL_get_verify_result basically results in an ADH-like
protocol :) It's OK for opportunistic encryption, but it's not OK for an
enterprise deployment running a private PKI or the client knows who to
trust.
Also, what about eNULL? Is it OK to send authenticated plain text
(that's what the eNULL:!aNULL combination provides)?
Jeff
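
The `!aNULL` and `eNULL` points above can be checked against a local OpenSSL build by expanding a cipher string and classifying each selected suite. This is an added example, not part of the original message or of PostgreSQL's code; it uses Python's `ssl` module (a wrapper around OpenSSL), the function names are hypothetical, and `@SECLEVEL=0` is appended as a precaution on the assumption that a build's default security level may otherwise hide NULL suites.

```python
import re
import ssl

# Fields such as "Au=RSA" or "Enc=None" in OpenSSL's cipher description line.
_FIELD = re.compile(r"(\w+)=(\S+)")


def audit_cipher_string(cipher_string):
    """Classify every suite the local OpenSSL build selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # this build cannot select any suite for the string
    records = []
    for suite in ctx.get_ciphers():
        fields = dict(_FIELD.findall(suite["description"]))
        records.append({
            "name": suite["name"],
            "protocol": suite["protocol"],
            "authenticated": fields.get("Au") != "None",  # False for aNULL suites
            "encrypted": fields.get("Enc") != "None",      # False for eNULL suites
        })
    return records


def weak_suites(cipher_string):
    """Return (suite name, [missing properties]) for suites lacking auth or encryption."""
    found = []
    for r in audit_cipher_string(cipher_string):
        missing = [k for k in ("authenticated", "encrypted") if not r[k]]
        if missing:
            found.append((r["name"], missing))
    return found


if __name__ == "__main__":
    # Cipher strings discussed in the thread, plus aNULL alone for contrast.
    for s in ("DEFAULT:!aNULL", "eNULL:!aNULL:@SECLEVEL=0", "aNULL:@SECLEVEL=0"):
        print(s)
        for name, missing in weak_suites(s) or [("(none)", [])]:
            print(f"    {name:32} missing: {', '.join(missing) or '-'}")
```

The listing only shows what a cipher string permits; whether the peer's certificate chain was actually validated is a separate, post-handshake check.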