From 32001ab0b7b4ee143e195f100543f531757a555b Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Mon, 24 Feb 2014 20:30:28 -0500 Subject: [PATCH] Update and clarify ssl_ciphers default - Write HIGH:MEDIUM instead of DEFAULT:!LOW:!EXP for clarity. - Order 3DES last to work around inappropriate OpenSSL default. - Remove !MD5 and @STRENGTH, because they are irrelevant. - Add clarifying documentation. Effectively, the new default is almost the same as the old one, but it is arguably easier to understand and modify. Author: Marko Kreen --- doc/src/sgml/config.sgml | 65 ++++++++++++++++++- src/backend/utils/misc/guc.c | 2 +- src/backend/utils/misc/postgresql.conf.sample | 2 +- 3 files changed, 64 insertions(+), 5 deletions(-) diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 91a601559f..cf11306f6c 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -889,12 +889,71 @@ include 'filename' - Specifies a list of SSL ciphers that are allowed to be + Specifies a list of SSL cipher suites that are allowed to be used on secure connections. See the ciphers manual page in the OpenSSL package for the syntax of this setting - and a list of supported values. The default value is usually - reasonable, unless you have specific security requirements. + and a list of supported values. The default value is + HIGH:MEDIUM:+3DES:!aNULL. It is usually reasonable, + unless you have specific security requirements. + + + + Explanation of the default value: + + + HIGH + + + Cipher suites that use ciphers from HIGH group (e.g., + AES, Camellia, 3DES) + + + + + + MEDIUM + + + Cipher suites that use ciphers from MEDIUM group + (e.g., RC4, SEED) + + + + + + +3DES + + + The OpenSSL default order for HIGH is problematic + because it orders 3DES higher than AES128. This is wrong because + 3DES offers less security than AES128, and it is also much + slower. +3DES reorders it after all other + HIGH and MEDIUM ciphers. + + + + + + !aNULL + + + Disables anonymous cipher suites that do no authentication. Such + cipher suites are vulnerable to man-in-the-middle attacks and + therefore should not be used. + + + + + + + + Available cipher suite details will vary across OpenSSL versions. Use + the command + openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL' to + see actual details for the currently installed OpenSSL + version. Note that this list is filtered at run time based on the + server key type. diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index aa5a8757fa..b27cb89a28 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -3237,7 +3237,7 @@ static struct config_string ConfigureNamesString[] = }, &SSLCipherSuites, #ifdef USE_SSL - "DEFAULT:!LOW:!EXP:!MD5:@STRENGTH", + "HIGH:MEDIUM:+3DES:!aNULL", #else "none", #endif diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 07341e72a4..ce56059ceb 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -79,7 +79,7 @@ #authentication_timeout = 1min # 1s-600s #ssl = off # (change requires restart) -#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers # (change requires restart) #ssl_prefer_server_ciphers = on # (change requires restart) #ssl_ecdh_curve = 'prime256v1' # (change requires restart)