1
0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00

Remove ssl renegotiation support.

While postgres' use of SSL renegotiation is a good idea in theory, it
turned out to not work well in practice. The specification and openssl's
implementation of it have lead to several security issues. Postgres' use
of renegotiation also had its share of bugs.

Additionally OpenSSL has a bunch of bugs around renegotiation, reported
and open for years, that regularly lead to connections breaking with
obscure error messages. We tried increasingly complex workarounds to get
around these bugs, but we didn't find anything complete.

Since these connection breakages often lead to hard to debug problems,
e.g. spuriously failing base backups and significant latency spikes when
synchronous replication is used, we have decided to change the default
setting for ssl renegotiation to 0 (disabled) in the released
backbranches and remove it entirely in 9.5 and master.

Author: Andres Freund
Discussion: 20150624144148.GQ4797@alap3.anarazel.de
Backpatch: 9.5 and master, 9.0-9.4 get a different patch
This commit is contained in:
Andres Freund
2015-07-28 21:39:32 +02:00
parent da7db24cc2
commit 6087d952b3
6 changed files with 2 additions and 121 deletions

View File

@ -1034,35 +1034,6 @@ include_dir 'conf.d'
</listitem>
</varlistentry>
<varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit">
<term><varname>ssl_renegotiation_limit</varname> (<type>integer</type>)
<indexterm>
<primary><varname>ssl_renegotiation_limit</> configuration parameter</primary>
</indexterm>
</term>
<listitem>
<para>
Specifies how much data can flow over an <acronym>SSL</>-encrypted
connection before renegotiation of the session keys will take
place. Renegotiation decreases an attacker's chances of doing
cryptanalysis when large amounts of traffic can be examined, but it
also carries a large performance penalty. The sum of sent and received
traffic is used to check the limit. If this parameter is set to 0,
renegotiation is disabled. The default is <literal>512MB</>.
</para>
<note>
<para>
SSL libraries from before November 2009 are insecure when using SSL
renegotiation, due to a vulnerability in the SSL protocol. As a
stop-gap fix for this vulnerability, some vendors shipped SSL
libraries incapable of doing renegotiation. If any such libraries
are in use on the client or server, SSL renegotiation should be
disabled.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers">
<term><varname>ssl_ciphers</varname> (<type>string</type>)
<indexterm>