Commit c0a15e07 authored by Heikki Linnakangas's avatar Heikki Linnakangas

Always use 2048 bit DH parameters for OpenSSL ephemeral DH ciphers.

1024 bits is considered weak these days, but OpenSSL always passes 1024 as
the key length to the tmp_dh callback. All the code to handle other key
lengths is, in fact, dead.

To remedy those issues:

* Only include hard-coded 2048-bit parameters.
* Set the parameters directly with SSL_CTX_set_tmp_dh(), without the
  callback
* The name of the file containing the DH parameters is now a GUC. This
  replaces the old hardcoded "dh1024.pem" filename. (The files for other
  key lengths, dh512.pem, dh2048.pem, etc. were never actually used.)

This is not a new problem, but it doesn't seem worth the risk and churn to
backport. If you care enough about the strength of the DH parameters on
old versions, you can create custom DH parameters, with as many bits as you
wish, and put them in the "dh1024.pem" file.

Per report by Nicolas Guini and Damian Quiroga. Reviewed by Michael Paquier.

Discussion: https://www.postgresql.org/message-id/CAMxBoUyjOOautVozN6ofzym828aNrDjuCcOTcCquxjwS-L2hGQ@mail.gmail.com
parent dea6ba93
...@@ -1203,6 +1203,30 @@ include_dir 'conf.d' ...@@ -1203,6 +1203,30 @@ include_dir 'conf.d'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id="guc-ssl-dh-params-file" xreflabel="ssl_dh_params_file">
<term><varname>ssl_dh_params_file</varname> (<type>string</type>)
<indexterm>
<primary><varname>ssl_dh_params_file</> configuration parameter</primary>
</indexterm>
</term>
<listitem>
<para>
Specifies the name of the file containing Diffie-Hellman parameters
used for so-called ephemeral DH family of SSL ciphers. The default is
empty, in which case compiled-in default DH parameters used. Using
custom DH parameters reduces the exposure if an attacker manages to
crack the well-known compiled-in DH parameters. You can create your own
DH parameters file with the command
<command>openssl dhparam -out dhparams.pem 2048</command>.
</para>
<para>
This parameter can only be set in the <filename>postgresql.conf</>
file or on the server command line.
</para>
</listitem>
</varlistentry>
<varlistentry id="guc-krb-server-keyfile" xreflabel="krb_server_keyfile"> <varlistentry id="guc-krb-server-keyfile" xreflabel="krb_server_keyfile">
<term><varname>krb_server_keyfile</varname> (<type>string</type>) <term><varname>krb_server_keyfile</varname> (<type>string</type>)
<indexterm> <indexterm>
......
This diff is collapsed.
...@@ -44,6 +44,7 @@ char *ssl_cert_file; ...@@ -44,6 +44,7 @@ char *ssl_cert_file;
char *ssl_key_file; char *ssl_key_file;
char *ssl_ca_file; char *ssl_ca_file;
char *ssl_crl_file; char *ssl_crl_file;
char *ssl_dh_params_file;
#ifdef USE_SSL #ifdef USE_SSL
bool ssl_loaded_verify_locations = false; bool ssl_loaded_verify_locations = false;
......
...@@ -3606,6 +3606,17 @@ static struct config_string ConfigureNamesString[] = ...@@ -3606,6 +3606,17 @@ static struct config_string ConfigureNamesString[] =
NULL, NULL, NULL NULL, NULL, NULL
}, },
{
{"ssl_dh_params_file", PGC_SIGHUP, CONN_AUTH_SECURITY,
gettext_noop("Location of the SSL DH params file."),
NULL,
GUC_SUPERUSER_ONLY
},
&ssl_dh_params_file,
"",
NULL, NULL, NULL
},
{ {
{"application_name", PGC_USERSET, LOGGING_WHAT, {"application_name", PGC_USERSET, LOGGING_WHAT,
gettext_noop("Sets the application name to be reported in statistics and logs."), gettext_noop("Sets the application name to be reported in statistics and logs."),
......
...@@ -80,6 +80,7 @@ ...@@ -80,6 +80,7 @@
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on #ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1' #ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = ''
#ssl_cert_file = 'server.crt' #ssl_cert_file = 'server.crt'
#ssl_key_file = 'server.key' #ssl_key_file = 'server.key'
#ssl_ca_file = '' #ssl_ca_file = ''
......
...@@ -79,6 +79,7 @@ extern char *ssl_cert_file; ...@@ -79,6 +79,7 @@ extern char *ssl_cert_file;
extern char *ssl_key_file; extern char *ssl_key_file;
extern char *ssl_ca_file; extern char *ssl_ca_file;
extern char *ssl_crl_file; extern char *ssl_crl_file;
extern char *ssl_dh_params_file;
extern int secure_initialize(bool isServerStart); extern int secure_initialize(bool isServerStart);
extern bool secure_loaded_verify_locations(void); extern bool secure_loaded_verify_locations(void);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment