Re: SSL: better default ciphersuite - Mailing list pgsql-hackers

From Marko Kreen
Subject Re: SSL: better default ciphersuite
Date
Msg-id 20140223213108.GA26951@gmail.com
In response to Re: SSL: better default ciphersuite  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: SSL: better default ciphersuite  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
On Sat, Feb 22, 2014 at 08:31:14PM -0500, Peter Eisentraut wrote:
> On 2/2/14, 7:16 AM, Marko Kreen wrote:
> > On Thu, Dec 12, 2013 at 04:32:07PM +0200, Marko Kreen wrote:
> >> Attached patch changes default ciphersuite to HIGH:MEDIUM:+3DES:!aNULL
> >> and also adds documentation about reasoning for it.
> > 
> > This is the last pending SSL cleanup related patch:
> > 
> >   https://commitfest.postgresql.org/action/patch_view?id=1310
> > 
> > Peter, you have claimed it as committer, do you see any remaining
> > issues with it?
> 
> I'm OK with this change on the principle of clarifying and refining the
> existing default.  But after inspecting the expanded cipher list with
> the "openssl cipher" tool, I noticed that the new default re-enabled MD5
> ciphers.  Was that intentional?

Yes, kind of.  First note that only RC4-MD5 is SSLv3+,
rest are SSLv2-only suites.

There are 2 points relevant about RC4-MD5:

* Main reason MEDIUM was added is to get RC4, for compatibility.

* Although MD5 is broken, TLS protocol uses HMAC-MD5 which is not. So
RC4-MD5 is weak suite not because of MD5 but because of RC4.

My conclusion is it's unnecessary to add '!MD5' to MEDIUM as
that would not actually make things more secure.   Instead
'MEDIUM' alone is enough to show that user will not get
state-of-the-art-only suites.

-- 
marko
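The question in this exchange is what a cipher string such as HIGH:MEDIUM:+3DES:!aNULL actually expands to on the local OpenSSL build, and whether the expansion contains MD5-MAC suites. The script below is an added example, not code from the thread or from PostgreSQL: it expands a cipher string through Python's ssl module (which links the system OpenSSL, so the resulting list depends on the installed version), lists the suites, their protocol versions, and the ones using MD5, and shows what an extra exclusion such as !MD5 would remove. The function names and the report layout are the example's own.

```python
"""Expand OpenSSL cipher strings and inspect what they enable.

Added example for the pgsql-hackers thread on the default ciphersuite.
The expansion comes from the OpenSSL library Python is linked against,
so the exact suite list (and whether RC4-MD5 appears at all) depends
on the local build; recent builds drop RC4 and SSLv2 entirely.
"""
import ssl

# The default proposed in the thread.
PG_DEFAULT = "HIGH:MEDIUM:+3DES:!aNULL"


def expand(cipher_string):
    """Return the ordered list of suite dicts OpenSSL selects for the string.

    Each dict comes from ssl.SSLContext.get_ciphers() and carries
    'name', 'protocol', 'digest', 'auth', 'kea', 'strength_bits', ...
    Raises ssl.SSLError if the string selects no suite at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def names(cipher_string):
    """Suite names in the order OpenSSL will offer them."""
    return [c["name"] for c in expand(cipher_string)]


def md5_suites(cipher_string):
    """Suites whose MAC is (HMAC-)MD5, the ones noticed with `openssl ciphers`."""
    return [
        c["name"]
        for c in expand(cipher_string)
        if (c.get("digest") or "").upper() == "MD5" or "MD5" in c["name"]
    ]


def removed_by(cipher_string, exclusion):
    """Suites that disappear when `exclusion` (e.g. '!MD5') is appended."""
    before = names(cipher_string)
    after = set(names(cipher_string + ":" + exclusion))
    return [n for n in before if n not in after]


def three_des_last(suite_names):
    """True if every 3DES suite sits after all non-3DES suites (effect of '+3DES')."""
    des_idx = [i for i, n in enumerate(suite_names) if "DES-CBC3" in n]
    other_idx = [i for i in range(len(suite_names)) if i not in set(des_idx)]
    if not des_idx or not other_idx:
        return True
    return min(des_idx) > max(other_idx)


def report(cipher_string):
    """Summarise a cipher string: suites, protocol versions, MD5 users."""
    suites = expand(cipher_string)
    return {
        "suites": [c["name"] for c in suites],
        "protocols": sorted({c["protocol"] for c in suites}),
        "md5_suites": md5_suites(cipher_string),
        "added_by_medium": [
            n for n in names(cipher_string)
            if n not in set(names(cipher_string.replace("MEDIUM:", "")))
        ],
        "removed_by_not_md5": removed_by(cipher_string, "!MD5"),
    }


if __name__ == "__main__":
    r = report(PG_DEFAULT)
    print("cipher string :", PG_DEFAULT)
    print("suite count   :", len(r["suites"]))
    print("protocols     :", ", ".join(r["protocols"]))
    print("MD5 suites    :", r["md5_suites"] or "none on this build")
    print("added by MEDIUM:", r["added_by_medium"] or "nothing on this build")
    print("!MD5 would drop:", r["removed_by_not_md5"] or "nothing on this build")
    print("3DES moved last:", three_des_last(r["suites"]))
```

The same expansion is what `openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL'` prints on the command line; the script just makes the comparison between two strings (with and without !MD5, with and without MEDIUM) explicit, which is the check to run before deciding whether an extra exclusion buys anything on a given OpenSSL version.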



