summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7404e77)
raw | patch | inline | side by side (parent: 7404e77)
| author | Peter Eisentraut <peter_e@gmx.net> | |
| Fri, 19 Jan 2018 17:18:42 +0000 (12:18 -0500) | ||
| committer | Peter Eisentraut <peter_e@gmx.net> | |
| Tue, 23 Jan 2018 12:11:38 +0000 (07:11 -0500) |
The EDH support is not really specific to the OpenSSL implementation, so
move the support and documentation comments to common files.
move the support and documentation comments to common files.
| src/backend/libpq/README.SSL | patch | blob | blame | history | |
| src/backend/libpq/be-secure-openssl.c | patch | blob | blame | history | |
| src/include/libpq/libpq-be.h | patch | blob | blame | history |
index 53dc9dd005ea1037a356ad1c6ca81b5be6617622..d84a434a6ee09ef9d8b33e9b340a433ba789939b 100644 (file)
Fail with unknown
---------------------------------------------------------------------------
+
+Ephemeral DH
+============
+
+Since the server static private key ($DataDir/server.key) will
+normally be stored unencrypted so that the database backend can
+restart automatically, it is important that we select an algorithm
+that continues to provide confidentiality even if the attacker has the
+server's private key. Ephemeral DH (EDH) keys provide this and more
+(Perfect Forward Secrecy aka PFS).
+
+N.B., the static private key should still be protected to the largest
+extent possible, to minimize the risk of impersonations.
+
+Another benefit of EDH is that it allows the backend and clients to
+use DSA keys. DSA keys can only provide digital signatures, not
+encryption, and are often acceptable in jurisdictions where RSA keys
+are unacceptable.
+
+The downside to EDH is that it makes it impossible to use ssldump(1)
+if there's a problem establishing an SSL session. In this case you'll
+need to temporarily disable EDH (see initialize_dh()).
index fc6e8a0a8883a87c6e8900989f92abc02c7ec385..450a2f614c5aa9569b9769e0a112d940bdab6498 100644 (file)
* IDENTIFICATION
* src/backend/libpq/be-secure-openssl.c
*
- * Since the server static private key ($DataDir/server.key)
- * will normally be stored unencrypted so that the database
- * backend can restart automatically, it is important that
- * we select an algorithm that continues to provide confidentiality
- * even if the attacker has the server's private key. Ephemeral
- * DH (EDH) keys provide this and more (Perfect Forward Secrecy
- * aka PFS).
- *
- * N.B., the static private key should still be protected to
- * the largest extent possible, to minimize the risk of
- * impersonations.
- *
- * Another benefit of EDH is that it allows the backend and
- * clients to use DSA keys. DSA keys can only provide digital
- * signatures, not encryption, and are often acceptable in
- * jurisdictions where RSA keys are unacceptable.
- *
- * The downside to EDH is that it makes it impossible to
- * use ssldump(1) if there's a problem establishing an SSL
- * session. In this case you'll need to temporarily disable
- * EDH (see initialize_dh()).
- *
*-------------------------------------------------------------------------
*/
static bool SSL_initialized = false;
static bool ssl_passwd_cb_called = false;
-/* ------------------------------------------------------------ */
-/* Hardcoded values */
-/* ------------------------------------------------------------ */
-
-/*
- * Hardcoded DH parameters, used in ephemeral DH keying.
- * As discussed above, EDH protects the confidentiality of
- * sessions even if the static private key is compromised,
- * so we are *highly* motivated to ensure that we can use
- * EDH even if the DBA has not provided custom DH parameters.
- *
- * We could refuse SSL connections unless a good DH parameter
- * file exists, but some clients may quietly renegotiate an
- * unsecured connection without fully informing the user.
- * Very uncool. Alternatively, the system could refuse to start
- * if a DH parameters is not specified, but this would tend to
- * piss off DBAs.
- *
- * If you want to create your own hardcoded DH parameters
- * for fun and profit, review "Assigned Number for SKIP
- * Protocols" (http://www.skip-vpn.org/spec/numbers.html)
- * for suggestions.
- */
-
-static const char file_dh2048[] =
-"-----BEGIN DH PARAMETERS-----\n\
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
------END DH PARAMETERS-----\n";
-
/* ------------------------------------------------------------ */
/* Public interface */
if (ssl_dh_params_file[0])
dh = load_dh_file(ssl_dh_params_file, isServerStart);
if (!dh)
- dh = load_dh_buffer(file_dh2048, sizeof file_dh2048);
+ dh = load_dh_buffer(FILE_DH2048, sizeof(FILE_DH2048));
if (!dh)
{
ereport(isServerStart ? FATAL : LOG,
index 49cb2631104492fd1133b538c861780a30627a18..a38849b0d0bf16e35c9a6694d60ecca2744dfac1 100644 (file)
} Port;
#ifdef USE_SSL
+/*
+ * Hardcoded DH parameters, used in ephemeral DH keying. (See also
+ * README.SSL for more details on EDH.)
+ *
+ * If you want to create your own hardcoded DH parameters
+ * for fun and profit, review "Assigned Number for SKIP
+ * Protocols" (http://www.skip-vpn.org/spec/numbers.html)
+ * for suggestions.
+ */
+#define FILE_DH2048 \
+"-----BEGIN DH PARAMETERS-----\n\
+MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
+89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
+T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
+zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
+Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
+CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
+-----END DH PARAMETERS-----\n"
+
/*
* These functions are implemented by the glue code specific to each
* SSL implementation (e.g. be-secure-openssl.c)