Commit 573bd08b authored by Peter Eisentraut's avatar Peter Eisentraut

Move EDH support to common files

The EDH support is not really specific to the OpenSSL implementation, so
move the support and documentation comments to common files.
parent 7404e77c
...@@ -58,3 +58,25 @@ SSL ...@@ -58,3 +58,25 @@ SSL
Fail with unknown Fail with unknown
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
Ephemeral DH
============
Since the server static private key ($DataDir/server.key) will
normally be stored unencrypted so that the database backend can
restart automatically, it is important that we select an algorithm
that continues to provide confidentiality even if the attacker has the
server's private key. Ephemeral DH (EDH) keys provide this and more
(Perfect Forward Secrecy aka PFS).
N.B., the static private key should still be protected to the largest
extent possible, to minimize the risk of impersonations.
Another benefit of EDH is that it allows the backend and clients to
use DSA keys. DSA keys can only provide digital signatures, not
encryption, and are often acceptable in jurisdictions where RSA keys
are unacceptable.
The downside to EDH is that it makes it impossible to use ssldump(1)
if there's a problem establishing an SSL session. In this case you'll
need to temporarily disable EDH (see initialize_dh()).
...@@ -11,28 +11,6 @@ ...@@ -11,28 +11,6 @@
* IDENTIFICATION * IDENTIFICATION
* src/backend/libpq/be-secure-openssl.c * src/backend/libpq/be-secure-openssl.c
* *
* Since the server static private key ($DataDir/server.key)
* will normally be stored unencrypted so that the database
* backend can restart automatically, it is important that
* we select an algorithm that continues to provide confidentiality
* even if the attacker has the server's private key. Ephemeral
* DH (EDH) keys provide this and more (Perfect Forward Secrecy
* aka PFS).
*
* N.B., the static private key should still be protected to
* the largest extent possible, to minimize the risk of
* impersonations.
*
* Another benefit of EDH is that it allows the backend and
* clients to use DSA keys. DSA keys can only provide digital
* signatures, not encryption, and are often acceptable in
* jurisdictions where RSA keys are unacceptable.
*
* The downside to EDH is that it makes it impossible to
* use ssldump(1) if there's a problem establishing an SSL
* session. In this case you'll need to temporarily disable
* EDH (see initialize_dh()).
*
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -87,40 +65,6 @@ static SSL_CTX *SSL_context = NULL; ...@@ -87,40 +65,6 @@ static SSL_CTX *SSL_context = NULL;
static bool SSL_initialized = false; static bool SSL_initialized = false;
static bool ssl_passwd_cb_called = false; static bool ssl_passwd_cb_called = false;
/* ------------------------------------------------------------ */
/* Hardcoded values */
/* ------------------------------------------------------------ */
/*
* Hardcoded DH parameters, used in ephemeral DH keying.
* As discussed above, EDH protects the confidentiality of
* sessions even if the static private key is compromised,
* so we are *highly* motivated to ensure that we can use
* EDH even if the DBA has not provided custom DH parameters.
*
* We could refuse SSL connections unless a good DH parameter
* file exists, but some clients may quietly renegotiate an
* unsecured connection without fully informing the user.
* Very uncool. Alternatively, the system could refuse to start
* if a DH parameters is not specified, but this would tend to
* piss off DBAs.
*
* If you want to create your own hardcoded DH parameters
* for fun and profit, review "Assigned Number for SKIP
* Protocols" (http://www.skip-vpn.org/spec/numbers.html)
* for suggestions.
*/
static const char file_dh2048[] =
"-----BEGIN DH PARAMETERS-----\n\
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
-----END DH PARAMETERS-----\n";
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/* Public interface */ /* Public interface */
...@@ -1080,7 +1024,7 @@ initialize_dh(SSL_CTX *context, bool isServerStart) ...@@ -1080,7 +1024,7 @@ initialize_dh(SSL_CTX *context, bool isServerStart)
if (ssl_dh_params_file[0]) if (ssl_dh_params_file[0])
dh = load_dh_file(ssl_dh_params_file, isServerStart); dh = load_dh_file(ssl_dh_params_file, isServerStart);
if (!dh) if (!dh)
dh = load_dh_buffer(file_dh2048, sizeof file_dh2048); dh = load_dh_buffer(FILE_DH2048, sizeof(FILE_DH2048));
if (!dh) if (!dh)
{ {
ereport(isServerStart ? FATAL : LOG, ereport(isServerStart ? FATAL : LOG,
......
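Review bot: In initialize_dh(), `sizeof(FILE_DH2048)` yields the buffer length only while FILE_DH2048 expands to a string literal, and it counts the terminating NUL just as `sizeof file_dh2048` did for the old array. If the macro is later turned into a pointer or a wrapped expression, the length passed to load_dh_buffer() becomes wrong without any compiler diagnostic, so I would add a comment at the call such as `/* FILE_DH2048 must remain a string literal; sizeof includes its trailing NUL */`. Whether load_dh_buffer() tolerates the extra NUL byte is not visible on this page, and that behaviour is unchanged by this commit. The body of initialize_dh() starts and ends outside the hunk.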
...@@ -193,6 +193,25 @@ typedef struct Port ...@@ -193,6 +193,25 @@ typedef struct Port
} Port; } Port;
#ifdef USE_SSL #ifdef USE_SSL
/*
* Hardcoded DH parameters, used in ephemeral DH keying. (See also
* README.SSL for more details on EDH.)
*
* If you want to create your own hardcoded DH parameters
* for fun and profit, review "Assigned Number for SKIP
* Protocols" (http://www.skip-vpn.org/spec/numbers.html)
* for suggestions.
*/
#define FILE_DH2048 \
"-----BEGIN DH PARAMETERS-----\n\
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
-----END DH PARAMETERS-----\n"
/* /*
* These functions are implemented by the glue code specific to each * These functions are implemented by the glue code specific to each
* SSL implementation (e.g. be-secure-openssl.c) * SSL implementation (e.g. be-secure-openssl.c)
......
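Review bot: The comment now placed above FILE_DH2048 no longer says why a built-in group exists at all. The comment removed from be-secure-openssl.c explained it (keep EDH available without custom parameters, rather than refusing SSL connections or refusing to start), and the text this commit adds to README.SSL does not carry that paragraph over. I would keep one sentence of it here, for example `* Used as a fallback so that EDH stays available when ssl_dh_params_file is not set or cannot be loaded.` It would also help to state that every installation relying on the fallback shares this same group, and to record how the prime was produced, since the comment only points at the SKIP list for suggestions.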