Thread: TODO item for protocol revision: Negotiate encryption in connection handshake
TODO item for protocol revision: Negotiate encryption in connection handshake
From: Craig Ringer
Date:
Hi all

Another thing I keep on wishing Pg's protocol had is an after-connection negotiation for transport encryption, like STARTTLS.

Right now, the client has to guess if the server requires, permits, or rejects SSL, and decide whether to start with SSL or !SSL. If that fails, it has to try the other one.

The way it's managed in pg_hba.conf means that users usually just get confusing errors like:

    FATAL: no pg_hba.conf entry for host "192.168.0.1", user "postgres", database "whatever", SSL off

without the client app being given the opportunity to be told by the server "Please upgrade to transport level security before proceeding".

I like how IMAP does it, where the server announces its capabilities.

Reasonable to aim for in a protocol v4?

-- 
Craig Ringer
http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
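The guess-and-retry that the post describes, as an added illustration that is not part of the thread or of PostgreSQL's own code. The only protocol fact taken as given is the v3 SSLRequest exchange: the client sends an 8-byte packet carrying the request code 80877103 and the server answers with a single byte, 'S' (proceed with TLS) or 'N' (no TLS). The FakeServer, its pg_hba.conf-like policy names, and the per-sslmode attempt order are constructed simplifications of libpq behaviour, not its implementation.

```python
"""
Toy model of how a PostgreSQL v3 client discovers whether a server will
speak SSL: it sends an SSLRequest packet and gets back 'S' or 'N'.  There
is no way to ask the server what it *requires*, so the client tries one
transport and, if pg_hba.conf rejects it, reconnects with the other one.
"""
import struct

# SSLRequest code from the v3 protocol: (1234 << 16) | 5679
SSL_REQUEST_CODE = 80877103


def build_ssl_request() -> bytes:
    """Int32 length (8) followed by the Int32 request code, network order."""
    return struct.pack("!ii", 8, SSL_REQUEST_CODE)


def is_ssl_request(packet: bytes) -> bool:
    """Server-side check that a packet is a well-formed SSLRequest."""
    if len(packet) != 8:
        return False
    length, code = struct.unpack("!ii", packet)
    return length == 8 and code == SSL_REQUEST_CODE


class FakeServer:
    """Constructed stand-in for a server (assumption, not PostgreSQL code).

    policy: 'ssl_only'     -> like a pg_hba.conf with only hostssl lines
            'ssl_optional' -> like a plain 'host' line (either transport ok)
            'no_ssl'       -> server without SSL support, answers 'N'
    """

    def __init__(self, policy: str):
        self.policy = policy

    def answer_ssl_request(self, packet: bytes) -> bytes:
        if not is_ssl_request(packet):
            raise ValueError("not an SSLRequest packet")
        return b"N" if self.policy == "no_ssl" else b"S"

    def startup(self, over_ssl: bool) -> str:
        """Mimic pg_hba.conf matching after the StartupMessage."""
        if self.policy == "ssl_only" and not over_ssl:
            return ('FATAL: no pg_hba.conf entry for host "192.168.0.1", '
                    'user "postgres", database "whatever", SSL off')
        return "OK"


# Order in which a libpq-style client tries transports for each sslmode
# (simplified; True = try SSL first on that attempt).
SSLMODE_ATTEMPTS = {
    "disable": [False],
    "allow": [False, True],
    "prefer": [True, False],
    "require": [True],
}


def connect(server: FakeServer, sslmode: str):
    """Return (transport used or None, log of attempts).

    'allow' and 'prefer' may silently end up on a plaintext connection;
    only 'require' (and the verify-* modes built on it) refuses to
    downgrade when the server declines SSL.
    """
    log = []
    for want_ssl in SSLMODE_ATTEMPTS[sslmode]:
        if want_ssl:
            reply = server.answer_ssl_request(build_ssl_request())
            if reply == b"N":
                log.append(("ssl", "server answered N (no SSL)"))
                continue
        result = server.startup(over_ssl=want_ssl)
        log.append(("ssl" if want_ssl else "plain", result))
        if result == "OK":
            return ("ssl" if want_ssl else "plain"), log
    return None, log


if __name__ == "__main__":
    for policy in ("ssl_only", "ssl_optional", "no_ssl"):
        for mode in SSLMODE_ATTEMPTS:
            used, attempts = connect(FakeServer(policy), mode)
            print(f"{policy:13s} sslmode={mode:8s} -> {used}: {attempts}")
```

Running the block prints the full matrix; the two rows worth reading are 'ssl_only' with sslmode=allow, where the client only learns the server's requirement from the FATAL message and has to reconnect, and 'no_ssl' with sslmode=prefer, where the client quietly proceeds in plaintext. A capability announcement from the server, as the post proposes, would remove the first case; the second is avoided today by setting sslmode=require on the client.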
Re: TODO item for protocol revision: Negotiate encryption in connection handshake
From: Magnus Hagander
Date:
On Wed, Sep 3, 2014 at 12:17 PM, Craig Ringer <craig@2ndquadrant.com> wrote:
> Hi all
>
> Another thing I keep on wishing Pg's protocol had is an after-connection
> negotiation for transport encryption, like STARTTLS.
>
> Right now, the client has to guess if the server requires, permits, or
> rejects SSL, and decide whether to start with SSL or !SSL. If that
> fails, it has to try the other one.
>
> The way it's managed in pg_hba.conf means that users usually just get
> confusing errors like:
>
> FATAL: no pg_hba.conf entry for host "192.168.0.1", user "postgres",
> database "whatever", SSL off
>
> without the client app being given the opportunity to be told by the
> server "Please upgrade to transport level security before proceeding".
>
> I like how IMAP does it, where the server announces its capabilities.
>
> Reasonable to aim for in a protocol v4?

Yeah, it definitely does I think. Should be in the form of some more generic "capabilities negotiation" though, even if we only have SSL to begin with.

-- 
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/