postgresql

mirror of https://git.postgresql.org/git/postgresql.git synced 2024-09-27 19:52:02 +02:00

History

Tom Lane e835e89a0f Fix memory leak when rejecting bogus DH parameters. While back-patching `e0e569e1d`, I noted that there were some other places where we ought to be applying DH_free(); namely, where we load some DH parameters from a file and then reject them as not being sufficiently secure. While it seems really unlikely that anybody would hit these code paths in production, let alone do so repeatedly, let's fix it for consistency. Back-patch to v10 where this code was introduced. Discussion: https://postgr.es/m/16160-18367e56e9a28264@postgresql.org		2021-03-20 12:47:21 -04:00
..
auth-scram.c	Add result size as argument of pg_cryptohash_final() for overflow checks	2021-02-15 10:18:34 +09:00
auth.c	Remove server and libpq support for old FE/BE protocol version 2.	2021-03-04 10:45:55 +02:00
be-fsstubs.c
be-gssapi-common.c
be-secure-common.c
be-secure-gssapi.c
be-secure-openssl.c	Fix memory leak when rejecting bogus DH parameters.	2021-03-20 12:47:21 -04:00
be-secure.c	Introduce symbolic names for FeBeWaitSet positions.	2021-03-01 16:10:16 +13:00
crypt.c
hba.c	Simplify code related to compilation of SSL and OpenSSL	2021-02-10 15:28:19 +09:00
ifaddr.c
Makefile	Introduce --with-ssl={openssl} as a configure option	2021-02-01 19:19:44 +09:00
pg_hba.conf.sample
pg_ident.conf.sample
pqcomm.c	Remove server and libpq support for old FE/BE protocol version 2.	2021-03-04 10:45:55 +02:00
pqformat.c
pqmq.c	Remove server and libpq support for old FE/BE protocol version 2.	2021-03-04 10:45:55 +02:00
pqsignal.c	Use signalfd(2) for epoll latches.	2021-03-01 14:12:02 +13:00
README.SSL

README.SSL

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------

Ephemeral DH
============

Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key.  Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).

N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.

Another benefit of EDH is that it allows the backend and clients to
use DSA keys.  DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.

The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session.  In this case you'll
need to temporarily disable EDH (see initialize_dh()).