git.postgresql.org Git - postgresql.git/commit

projects / postgresql.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 5b4791b) | patch

author	Michael Paquier <michael@paquier.xyz>
	Tue, 25 May 2021 01:11:13 +0000 (10:11 +0900)
committer	Michael Paquier <michael@paquier.xyz>
	Tue, 25 May 2021 01:11:13 +0000 (10:11 +0900)
commit	a23c0b00f08a983216faf16c5d2e94fe963fa0d1
tree	de94e1d536c4fbd047a90441761e2b333bbbd4ca	tree
parent	5b4791b4580e95a1230e89c11c08058f18b92225	commit \| diff

Disallow SSL renegotiation

SSL renegotiation is already disabled as of 48d23c72, however this does
not prevent the server to comply with a client willing to use
renegotiation.  In the last couple of years, renegotiation had its set
of security issues and flaws (like the recent CVE-2021-3449), and it
could be possible to crash the backend with a client attempting
renegotiation.

This commit takes one extra step by disabling renegotiation in the
backend in the same way as SSL compression (f9264d15) or tickets
(97d3a0b0).  OpenSSL 1.1.0h has added an option named
SSL_OP_NO_RENEGOTIATION able to achieve that.  In older versions
there is an option called SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS that
was undocumented, and could be set within the SSL object created when
the TLS connection opens, but I have decided not to use it, as it feels
trickier to rely on, and it is not official.  Note that this option is
not usable in OpenSSL < 1.1.0h as the internal contents of the *SSL
object are hidden to applications.

SSL renegotiation concerns protocols up to TLSv1.2.

Per original report from Robert Haas, with a patch based on a suggestion
by Andres Freund.

Author: Michael Paquier
Reviewed-by: Daniel Gustafsson
Discussion: https://postgr.es/m/YKZBXx7RhU74FlTE@paquier.xyz
Backpatch-through: 9.6

src/backend/libpq/be-secure-openssl.c

diff | blob | blame | history

This is the main PostgreSQL git repository.