Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit17386ac

Browse files
committed
Well, the discussion about SSL a bit back perked my interest and I did
some reading on the subject.1) PostgreSQL uses ephemeral keying, for its connections (good thing)2) PostgreSQL doesn't set the cipher list that it allows (bad thing, fixed)3) PostgreSQL's renegotiation code wasn't text book correct (could be bad, fixed)4) The rate of renegotiating was insanely low (as Tom pointed out, set to a more reasonable level)I haven't checked around much to see if there are any other SSL bitsthat need some review, but I'm doing some OpenSSL work right nowand'll send patches for improvements along the way (if I find them).At the very least, the changes in this patch will make security folkshappier for sure. The constant renegotiation of sessions was likely aboon to systems that had bad entropy gathering means (read: Slowaris/dev/rand|/dev/urand != ANDIrand). The new limit for renegotiationsis 512MB which should be much more reasonable.Sean Chittenden
1 parent5357566 commit17386ac

File tree

1 file changed

+14
-4
lines changed

1 file changed

+14
-4
lines changed

‎src/backend/libpq/be-secure.c

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.33 2003/05/27 17:49:46 momjian Exp $
14+
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.34 2003/06/11 15:05:50 momjian Exp $
1515
*
1616
* Since the server static private key ($DataDir/server.key)
1717
* will normally be stored unencrypted so that the database
@@ -124,7 +124,7 @@ static const char *SSLerrmessage(void);
124124
*How much data can be sent across a secure connection
125125
*(total in both directions) before we require renegotiation.
126126
*/
127-
#defineRENEGOTIATION_LIMIT (64 * 1024)
127+
#defineRENEGOTIATION_LIMIT (512 * 1024 * 1024)
128128
#defineCA_PATH NULL
129129
staticSSL_CTX*SSL_context=NULL;
130130
#endif
@@ -320,8 +320,11 @@ secure_write(Port *port, void *ptr, size_t len)
320320
elog(COMMERROR,"SSL renegotiation failure");
321321
if (SSL_do_handshake(port->ssl) <=0)
322322
elog(COMMERROR,"SSL renegotiation failure");
323-
port->ssl->state=SSL_ST_ACCEPT;
324-
if (SSL_do_handshake(port->ssl) <=0)
323+
if (port->ssl->state!=SSL_ST_OK)
324+
elog(COMMERROR,"SSL failed to send renegotiation request");
325+
port->ssl->state |=SSL_ST_ACCEPT;
326+
SSL_do_handshake(port->ssl);
327+
if (port->ssl->state!=SSL_ST_OK)
325328
elog(COMMERROR,"SSL renegotiation failure");
326329
port->count=0;
327330
}
@@ -639,6 +642,13 @@ initialize_SSL(void)
639642
SSL_CTX_set_tmp_dh_callback(SSL_context,tmp_dh_cb);
640643
SSL_CTX_set_options(SSL_context,SSL_OP_SINGLE_DH_USE |SSL_OP_NO_SSLv2);
641644

645+
/* setup the allowed cipher list */
646+
if (SSL_CTX_set_cipher_list(SSL_context,"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGH")!=1)
647+
{
648+
postmaster_error("unable to set the cipher list (no valid ciphers available)");
649+
ExitPostmaster(1);
650+
}
651+
642652
/* accept client certificates, but don't require them. */
643653
snprintf(fnbuf,sizeoffnbuf,"%s/root.crt",DataDir);
644654
if (!SSL_CTX_load_verify_locations(SSL_context,fnbuf,CA_PATH))

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp