database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-03 22:24:49 +03:00
Code

Add configuration parameter ssl_renegotiation_limit to control

Browse Source 
how often we do SSL session key renegotiation. Can be set to
0 to disable renegotiation completely, which is required if
a broken SSL library is used (broken patches to CVE-2009-3555
a known cause) or when using a client library that can't do
renegotiation.
This commit is contained in:
Magnus Hagander 2010-02-25 13:26:19 +00:00
parent 2c0914be73
commit f8bd81b4cb
4 changed files with 45 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
doc/src/sgml/config.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.98.2.6 2007/05/15 15:35:58 neilc Exp $ --> <!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.98.2.7 2010/02/25 13:26:19 mha Exp $ -->
<chapter Id="runtime-config"> <chapter Id="runtime-config">
<title>Server Configuration</title> <title>Server Configuration</title>
@ -569,6 +569,32 @@ SET ENABLE_SEQSCAN TO OFF;
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit">
<term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term>
<indexterm>
<primary><varname>ssl_renegotiation_limit</> configuration parameter</primary>
</indexterm>
<listitem>
<para>
Specifies how much data can flow over an <acronym>SSL</> encrypted connection
before renegotiation of the session will take place. Renegotiation of the
session decreases the chance of doing cryptanalysis when large amounts of data
are sent, but it also carries a large performance penalty. The sum of
sent and received traffic is used to check the limit. If the parameter is
set to 0, renegotiation is disabled. The default is <literal>512MB</>.
</para>
<note>
<para>
SSL libraries from before November 2009 are insecure when using SSL
renegotiation, due to a vulnerability in the SSL protocol. As a stop-gap fix
for this vulnerability, some vendors also shipped SSL libraries incapable
of doing renegotiation. If any of these libraries are in use on the client
or server, SSL renegotiation should be disabled.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry id="guc-password-encryption" xreflabel="password_encryption"> <varlistentry id="guc-password-encryption" xreflabel="password_encryption">
<term><varname>password_encryption</varname> (<type>boolean</type>)</term> <term><varname>password_encryption</varname> (<type>boolean</type>)</term>
<indexterm> <indexterm>

9
src/backend/libpq/be-secure.c
View File

@ -11,7 +11,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.74.2.5 2009/12/30 03:46:08 tgl Exp $ * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.74.2.6 2010/02/25 13:26:19 mha Exp $
* *
* Since the server static private key ($DataDir/server.key) * Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database * will normally be stored unencrypted so that the database
@ -117,13 +117,14 @@ static void close_SSL(Port *);
static const char *SSLerrmessage(void); static const char *SSLerrmessage(void);
#endif #endif
#ifdef USE_SSL
/* /*
* How much data can be sent across a secure connection * How much data can be sent across a secure connection
* (total in both directions) before we require renegotiation. * (total in both directions) before we require renegotiation.
* Set to 0 to disable renegotiation completely.
*/ */
#define RENEGOTIATION_LIMIT (512 * 1024 * 1024) int ssl_renegotiation_limit;
#ifdef USE_SSL
static SSL_CTX *SSL_context = NULL; static SSL_CTX *SSL_context = NULL;
#endif #endif
@ -332,7 +333,7 @@ secure_write(Port *port, void *ptr, size_t len)
{ {
int err; int err;
if (port->count > RENEGOTIATION_LIMIT) if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
{ {
SSL_set_session_id_context(port->ssl, (void *) &SSL_context, SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context)); sizeof(SSL_context));

13
src/backend/utils/misc/guc.c
View File

@ -10,7 +10,7 @@
* Written by Peter Eisentraut <peter_e@gmx.net>. * Written by Peter Eisentraut <peter_e@gmx.net>.
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.6 2010/01/24 21:49:48 tgl Exp $ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.7 2010/02/25 13:26:19 mha Exp $
* *
*-------------------------------------------------------------------- *--------------------------------------------------------------------
*/ */
@ -103,6 +103,7 @@ extern int CommitDelay;
extern int CommitSiblings; extern int CommitSiblings;
extern char *default_tablespace; extern char *default_tablespace;
extern bool fullPageWrites; extern bool fullPageWrites;
extern int ssl_renegotiation_limit;
#ifdef TRACE_SORT #ifdef TRACE_SORT
extern bool trace_sort; extern bool trace_sort;
@ -1621,6 +1622,16 @@ static struct config_int ConfigureNamesInt[] =
0, 0, INT_MAX, assign_tcp_keepalives_interval, show_tcp_keepalives_interval 0, 0, INT_MAX, assign_tcp_keepalives_interval, show_tcp_keepalives_interval
}, },
{
{"ssl_renegotiation_limit", PGC_USERSET, CONN_AUTH_SECURITY,
gettext_noop("Set the amount of traffic to send and receive before renegotiating the encryption keys."),
NULL,
GUC_UNIT_KB,
},
&ssl_renegotiation_limit,
512 * 1024, 0, MAX_KILOBYTES, NULL, NULL
},
{ {
{"tcp_keepalives_count", PGC_USERSET, CLIENT_CONN_OTHER, {"tcp_keepalives_count", PGC_USERSET, CLIENT_CONN_OTHER,
gettext_noop("Maximum number of TCP keepalive retransmits."), gettext_noop("Maximum number of TCP keepalive retransmits."),

1
src/backend/utils/misc/postgresql.conf.sample
View File

@ -74,6 +74,7 @@
#authentication_timeout = 1min # 1s-600s #authentication_timeout = 1min # 1s-600s
#ssl = off # (change requires restart) #ssl = off # (change requires restart)
#ssl_renegotiation_limit = 512MB # amount of data between renegotiations
#password_encryption = on #password_encryption = on
#db_user_namespace = off #db_user_namespace = off