NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit48d23c7

committed

Disable ssl renegotiation by default.

While postgres' use of SSL renegotiation is a good idea in theory, itturned out to not work well in practice. The specification and openssl'simplementation of it have lead to several security issues. Postgres' useof renegotiation also had its share of bugs.Additionally OpenSSL has a bunch of bugs around renegotiation, reportedand open for years, that regularly lead to connections breaking withobscure error messages. We tried increasingly complex workarounds to getaround these bugs, but we didn't find anything complete.Since these connection breakages often lead to hard to debug problems,e.g. spuriously failing base backups and significant latency spikes whensynchronous replication is used, we have decided to change the defaultsetting for ssl renegotiation to 0 (disabled) in the releasedbackbranches and remove it entirely in 9.5 and master..Author: Michael Paquier, with changes by meDiscussion: 20150624144148.GQ4797@alap3.anarazel.deBackpatch: 9.0-9.4; 9.5 and master get a different patch

1 parent03d7f3b commit48d23c7Copy full SHA for 48d23c7

File tree

3 files changed

+11

-3

lines changed

doc/src/sgml
- config.sgml
src/backend/utils/misc
- guc.c
- postgresql.conf.sample

3 files changed

+11

-3

lines changed

`‎doc/src/sgml/config.sgml`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -858,7 +858,7 @@ include 'filename'`
`858`	`858`	`cryptanalysis when large amounts of traffic can be examined, but it`
`859`	`859`	`also carries a large performance penalty. The sum of sent and received`
`860`	`860`	`traffic is used to check the limit. If this parameter is set to 0,`
`861`		`- renegotiation is disabled. The default is <literal>512MB</>.`
	`861`	`+ renegotiation is disabled. The default is <literal>0</>.`
`862`	`862`	`</para>`
`863`	`863`	`<note>`
`864`	`864`	`<para>`
`@@ -870,6 +870,14 @@ include 'filename'`
`870`	`870`	`disabled.`
`871`	`871`	`</para>`
`872`	`872`	`</note>`
	`873`	`+`
	`874`	`+ <warning>`
	`875`	`+ <para>`
	`876`	`+ Due to bugs in <productname>OpenSSL</> enabling ssl renegotiation, by`
	`877`	`+ configuring a non-zero <varname>ssl_renegotiation_limit</>, is likely`
	`878`	`+ to lead to problems like long-lived connections breaking.`
	`879`	`+ </para>`
	`880`	`+ </warning>`
`873`	`881`	`</listitem>`
`874`	`882`	`</varlistentry>`
`875`	`883`

`‎src/backend/utils/misc/guc.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2377,7 +2377,7 @@ static struct config_int ConfigureNamesInt[] =`
`2377`	`2377`	`GUC_UNIT_KB,`
`2378`	`2378`	`},`
`2379`	`2379`	`&ssl_renegotiation_limit,`
`2380`		`-512*1024,0,MAX_KILOBYTES,`
	`2380`	`+0,0,MAX_KILOBYTES,`
`2381`	`2381`	`NULL,NULL,NULL`
`2382`	`2382`	`},`
`2383`	`2383`

`‎src/backend/utils/misc/postgresql.conf.sample`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@`
`81`	`81`	`#ssl = off# (change requires restart)`
`82`	`82`	`#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'# allowed SSL ciphers`
`83`	`83`	`# (change requires restart)`
`84`		`-#ssl_renegotiation_limit =512MB# amount of data between renegotiations`
	`84`	`+#ssl_renegotiation_limit =0# amount of data between renegotiations`
`85`	`85`	`#ssl_cert_file = 'server.crt'# (change requires restart)`
`86`	`86`	`#ssl_key_file = 'server.key'# (change requires restart)`
`87`	`87`	`#ssl_ca_file = ''# (change requires restart)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit48d23c7

File tree

3 files changed

3 files changed

`‎doc/src/sgml/config.sgml`

`‎src/backend/utils/misc/guc.c`

`‎src/backend/utils/misc/postgresql.conf.sample`

0 commit comments