33.19. SSL Support
Postgres Pro has native support for usingSSL connections to encrypt client/server communications for increased security. SeeSection 17.9 for details about the server-sideSSL functionality.
By default,Postgres Pro will not perform any verification of the server certificate. This means that it is possible to spoof the server identity (for example by modifying a DNS record or by taking over the server IP address) without the client knowing. In order to prevent spoofing, the client must be able to verify the server's identity via a chain of trust. A chain of trust is established by placing a root (self-signed) certificate authority (CA) certificate on one computer and a leaf certificatesigned by the root certificate on another computer. It is also possible to use an“intermediate” certificate which is signed by the root certificate and signs leaf certificates.
The first certificate inpostgresql.crt must be the client's certificate because it must match the client's private key.“Intermediate” certificates can be optionally appended to the file — doing so avoids requiring storage of intermediate certificates on the server (ssl_ca_file).
The certificate and key may be in PEM or ASN.1 DER format.
The key may be stored in cleartext or encrypted with a passphrase using any algorithm supported byOpenSSL, like AES-128. If the key is stored encrypted, then the passphrase may be provided in thesslpassword connection option. If an encrypted key is supplied and thesslpassword option is absent or blank, a password will be prompted for interactively byOpenSSL with aEnter PEM pass phrase: prompt if a TTY is available. Applications can override the client certificate prompt and the handling of thesslpassword parameter by supplying their own key password callback; seePQsetSSLKeyPassHook_OpenSSL.
For instructions on creating certificates, seeSection 17.9.5.
33.19.3. Protection Provided in Different Modes
The different values for thesslmode parameter provide different levels of protection. SSL can provide protection against three types of attacks:
- Eavesdropping
If a third party can examine the network traffic between the client and the server, it can read both connection information (including the user name and password) and the data that is passed.SSL uses encryption to prevent this.
- Man-in-the-middle (MITM)
If a third party can modify the data while passing between the client and server, it can pretend to be the server and therefore see and modify dataeven if it is encrypted. The third party can then forward the connection information and data to the original server, making it impossible to detect this attack. Common vectors to do this include DNS poisoning and address hijacking, whereby the client is directed to a different server than intended. There are also several other attack methods that can accomplish this.SSL uses certificate verification to prevent this, by authenticating the server to the client.
- Impersonation
If a third party can pretend to be an authorized client, it can simply access data it should not have access to. Typically this can happen through insecure password management.SSL uses client certificates to prevent this, by making sure that only holders of valid certificates can access the server.
For a connection to be known SSL-secured, SSL usage must be configured onboth the client and the server before the connection is made. If it is only configured on the server, the client may end up sending sensitive information (e.g., passwords) before it knows that the server requires high security. In libpq, secure connections can be ensured by setting thesslmode parameter toverify-full orverify-ca, and providing the system with a root certificate to verify against. This is analogous to using anhttpsURL for encrypted web browsing.
AllSSL options carry overhead in the form of encryption and key-exchange, so there is a trade-off that has to be made between performance and security.Table 33.1 illustrates the risks the differentsslmode values protect against, and what statement they make about security and overhead.
Table 33.1. SSL Mode Descriptions
sslmode | Eavesdropping protection | MITM protection | Statement |
|---|---|---|---|
disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. |
allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. |
prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. |
require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. |
verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. |
verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
The difference betweenverify-ca andverify-full depends on the policy of the rootCA. If a publicCA is used,verify-ca allows connections to a server thatsomebody else may have registered with theCA. In this case,verify-full should always be used. If a localCA is used, or even a self-signed certificate, usingverify-ca often provides enough protection.
Table 33.2 summarizes the files that are relevant to the SSL setup on the client.
Table 33.2. Libpq/Client SSL File Usage
| File | Contents | Effect |
|---|---|---|
~/.postgresql/postgresql.crt | client certificate | sent to server |
~/.postgresql/postgresql.key | client private key | proves client certificate sent by owner; does not indicate certificate owner is trustworthy |
~/.postgresql/root.crt | trusted certificate authorities | checks that server certificate is signed by a trusted certificate authority |
~/.postgresql/root.crl | certificates revoked by certificate authorities | server certificate must not be on this list |
33.19.5. SSL Library Initialization
If your application initializeslibssl and/orlibcrypto libraries andlibpq is built withSSL support, you should callPQinitOpenSSL to telllibpq that thelibssl and/orlibcrypto libraries have been initialized by your application, so thatlibpq will not also initialize those libraries. However, this is unnecessary when usingOpenSSL version 1.1.0 or later, as duplicate initializations are no longer problematic.
PQinitOpenSSLAllows applications to select which security libraries to initialize.
void PQinitOpenSSL(int do_ssl, int do_crypto);
When
do_sslis non-zero,libpq will initialize theOpenSSL library before first opening a database connection. Whendo_cryptois non-zero, thelibcryptolibrary will be initialized. By default (ifPQinitOpenSSLis not called), both libraries are initialized. When SSL support is not compiled in, this function is present but does nothing.If your application uses and initializes eitherOpenSSL or its underlying
libcryptolibrary, youmust call this function with zeroes for the appropriate parameter(s) before first opening a database connection. Also be sure that you have done that initialization before opening a database connection.PQinitSSLAllows applications to select which security libraries to initialize.
void PQinitSSL(int do_ssl);
This function is equivalent to
PQinitOpenSSL(do_ssl, do_ssl). It is sufficient for applications that initialize both or neither ofOpenSSL andlibcrypto.PQinitSSLhas been present sincePostgreSQL 8.0, whilePQinitOpenSSLwas added inPostgreSQL 8.4, soPQinitSSLmight be preferable for applications that need to work with older versions oflibpq.