Add configuration parameter ssl_renegotiation_limit to control
how often we do SSL session key renegotiation. Can be set to 0 to disable renegotiation completely, which is required if a broken SSL library is used (broken patches to CVE-2009-3555 a known cause) or when using a client library that can't do renegotiation.
This commit is contained in:
Magnus Hagander
parent
0ccc5153f8
commit
413d34be4e
@ -1,4 +1,4 @@
|
||||
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.252 2010/02/17 04:19:37 tgl Exp $ -->
|
||||
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.253 2010/02/25 13:26:15 mha Exp $ -->
|
||||
|
||||
<chapter Id="runtime-config">
|
||||
<title>Server Configuration</title>
|
||||
@ -606,6 +606,32 @@ SET ENABLE_SEQSCAN TO OFF;
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit">
|
||||
<term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term>
|
||||
<indexterm>
|
||||
<primary><varname>ssl_renegotiation_limit</> configuration parameter</primary>
|
||||
</indexterm>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies how much data can flow over an <acronym>SSL</> encrypted connection
|
||||
before renegotiation of the session will take place. Renegotiation of the
|
||||
session decreases the chance of doing cryptanalysis when large amounts of data
|
||||
are sent, but it also carries a large performance penalty. The sum of
|
||||
sent and received traffic is used to check the limit. If the parameter is
|
||||
set to 0, renegotiation is disabled. The default is <literal>512MB</>.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
SSL libraries from before November 2009 are insecure when using SSL
|
||||
renegotiation, due to a vulnerability in the SSL protocol. As a stop-gap fix
|
||||
for this vulnerability, some vendors also shipped SSL libraries incapable
|
||||
of doing renegotiation. If any of these libraries are in use on the client
|
||||
or server, SSL renegotiation should be disabled.
|
||||
</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers">
|
||||
<term><varname>ssl_ciphers</varname> (<type>string</type>)</term>
|
||||
<indexterm>
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.97 2010/02/18 11:13:45 heikki Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.98 2010/02/25 13:26:15 mha Exp $
|
||||
*
|
||||
* Since the server static private key ($DataDir/server.key)
|
||||
* will normally be stored unencrypted so that the database
|
||||
@ -93,13 +93,14 @@ static void close_SSL(Port *);
|
||||
static const char *SSLerrmessage(void);
|
||||
#endif
|
||||
|
||||
#ifdef USE_SSL
|
||||
/*
|
||||
* How much data can be sent across a secure connection
|
||||
* (total in both directions) before we require renegotiation.
|
||||
* Set to 0 to disable renegotiation completely.
|
||||
*/
|
||||
#define RENEGOTIATION_LIMIT (512 * 1024 * 1024)
|
||||
int ssl_renegotiation_limit;
|
||||
|
||||
#ifdef USE_SSL
|
||||
static SSL_CTX *SSL_context = NULL;
|
||||
static bool ssl_loaded_verify_locations = false;
|
||||
|
||||
@ -320,7 +321,7 @@ secure_write(Port *port, void *ptr, size_t len)
|
||||
{
|
||||
int err;
|
||||
|
||||
if (port->count > RENEGOTIATION_LIMIT)
|
||||
if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
|
||||
{
|
||||
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
|
||||
sizeof(SSL_context));
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
* Written by Peter Eisentraut <peter_e@gmx.net>.
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.541 2010/02/17 04:19:40 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.542 2010/02/25 13:26:15 mha Exp $
|
||||
*
|
||||
*--------------------------------------------------------------------
|
||||
*/
|
||||
@ -117,6 +117,7 @@ extern char *temp_tablespaces;
|
||||
extern bool synchronize_seqscans;
|
||||
extern bool fullPageWrites;
|
||||
extern int vacuum_defer_cleanup_age;
|
||||
extern int ssl_renegotiation_limit;
|
||||
|
||||
int trace_recovery_messages = LOG;
|
||||
|
||||
@ -1968,6 +1969,16 @@ static struct config_int ConfigureNamesInt[] =
|
||||
0, 0, INT_MAX, assign_tcp_keepalives_interval, show_tcp_keepalives_interval
|
||||
},
|
||||
|
||||
{
|
||||
{"ssl_renegotiation_limit", PGC_USERSET, CONN_AUTH_SECURITY,
|
||||
gettext_noop("Set the amount of traffic to send and receive before renegotiating the encryption keys."),
|
||||
NULL,
|
||||
GUC_UNIT_KB,
|
||||
},
|
||||
&ssl_renegotiation_limit,
|
||||
512 * 1024, 0, MAX_KILOBYTES, NULL, NULL
|
||||
},
|
||||
|
||||
{
|
||||
{"tcp_keepalives_count", PGC_USERSET, CLIENT_CONN_OTHER,
|
||||
gettext_noop("Maximum number of TCP keepalive retransmits."),
|
||||
|
||||
@ -80,6 +80,7 @@
|
||||
#ssl = off # (change requires restart)
|
||||
#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
|
||||
# (change requires restart)
|
||||
#ssl_renegotiation_limit = 512MB # amount of data between renegotiations
|
||||
#password_encryption = on
|
||||
#db_user_namespace = off
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user