Re: Force disable of SSL renegociation in the server

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Paquier <michael@paquier.xyz>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>, Robert Haas <robertmhaas@gmail.com>, Andres Freund <andres@anarazel.de>
Date: 2021-05-24T09:09:38Z
Lists: pgsql-hackers
> On 24 May 2021, at 03:29, Michael Paquier <michael@paquier.xyz> wrote:

> I got to look at that in details, and the attached would be able to do
> the job with OpenSSL 1.0.2 and older versions.  The main idea is to
> set up SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS once the SSL object is
> created when opening the TLS connection to business.  I have tested
> that down to 0.9.8 on all supported branches with the protocols we
> support (heads up to ssl_min_protocol_version here), and that looks to
> work as I'd expect.
> 
> It is not a good idea to rely on OPENSSL_VERSION_NUMBER for such
> version checks as I am doing here, as we've been bitten with
> compatibility with LibreSSL in the past.  So this had better use a
> check based on HAVE_OPENSSL_INIT_SSL to make sure that 1.1.0 is the
> version of OpenSSL used.

I agree that a capability based check is better than using the version numbers
as their is a collision risk between distributions (and even within OpenSSL as
NetBSD for example invented their own version etc).

> Anyway, I really don't like using this undocumented option, and there is
> nothing that can be done with OpenSSL < 1.1.0h in the 1.1.0 series as the s3
> part of the *SSL object gets hidden to the application, so it is not possible
> to set SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS there.


1.1.0d killed what was left of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS while keeping
it defined, so there is also very little value in even attempting it there.

+1 on the patch, LGTM.

--
Daniel Gustafsson		https://vmware.com/




Commits

  1. Disallow SSL renegotiation