Thread: SSL (patch 6)

SSL (patch 6)

From

Bear Giles

Date:

25 May 2002, 05:24:20

SSL support for ephemeral DH keys.

As the comment headers in be-secure.c discusses, EPH preserves
confidentiality even if the static private key (which is usually
kept unencrypted) is compromised.

Because of the value of this, common default values are hard-coded
to protect the confidentiality of the data even if an attacker
successfully deletes or modifies the external file.

Bear

Attachment

patch6

Re: SSL (patch 6)

From

Bruce Momjian

Date:

11 June 2002, 21:32:32

Your patch has been added to the PostgreSQL unapplied patches list at:

    http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------


Bear Giles wrote:
> SSL support for ephemeral DH keys.
>
> As the comment headers in be-secure.c discusses, EPH preserves
> confidentiality even if the static private key (which is usually
> kept unencrypted) is compromised.
>
> Because of the value of this, common default values are hard-coded
> to protect the confidentiality of the data even if an attacker
> successfully deletes or modifies the external file.
>
> Bear

Content-Description: /tmp/patch6

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: SSL (patch 6)

From

Bruce Momjian

Date:

14 June 2002, 03:37:33

Patch applied.  Thanks.

---------------------------------------------------------------------------


Bear Giles wrote:
> SSL support for ephemeral DH keys.
>
> As the comment headers in be-secure.c discusses, EPH preserves
> confidentiality even if the static private key (which is usually
> kept unencrypted) is compromised.
>
> Because of the value of this, common default values are hard-coded
> to protect the confidentiality of the data even if an attacker
> successfully deletes or modifies the external file.
>
> Bear

Content-Description: /tmp/patch6

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026