
Commit 413d34b

committed
Add configuration parameter ssl_renegotiation_limit to control
how often we do SSL session key renegotiation. Can be set to 0 to disable renegotiation completely, which is required if a broken SSL library is used (broken patches to CVE-2009-3555 a known cause) or when using a client library that can't do renegotiation.
1 parent 0ccc515 commit 413d34b


4 files changed

+45
-6
lines changed


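--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.252 2010/02/17 04:19:37 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.253 2010/02/25 13:26:15 mha Exp $ -->
 
 <chapter Id="runtime-config">
 <title>Server Configuration</title>
@@ -606,6 +606,32 @@ SET ENABLE_SEQSCAN TO OFF;
 </listitem>
 </varlistentry>
 
+<varlistentry id="guc-ssl-renegotiation-limit" xreflabel="ssl_renegotiation_limit">
+<term><varname>ssl_renegotiation_limit</varname> (<type>int</type>)</term>
+<indexterm>
+<primary><varname>ssl_renegotiation_limit</> configuration parameter</primary>
+</indexterm>
+<listitem>
+<para>
+Specifies how much data can flow over an <acronym>SSL</> encrypted connection
+before renegotiation of the session will take place. Renegotiation of the
+session decreases the chance of doing cryptanalysis when large amounts of data
+are sent, but it also carries a large performance penalty. The sum of
+sent and received traffic is used to check the limit. If the parameter is
+set to 0, renegotiation is disabled. The default is <literal>512MB</>.
+</para>
+<note>
+<para>
+SSL libraries from before November 2009 are insecure when using SSL
+renegotiation, due to a vulnerability in the SSL protocol. As a stop-gap fix
+for this vulnerability, some vendors also shipped SSL libraries incapable
+of doing renegotiation. If any of these libraries are in use on the client
+or server, SSL renegotiation should be disabled.
+</para>
+</note>
+</listitem>
+</varlistentry>
+
 <varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers">
 <term><varname>ssl_ciphers</varname> (<type>string</type>)</term>
 <indexterm>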

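--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.97 2010/02/18 11:13:45 heikki Exp $
+* $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.98 2010/02/25 13:26:15 mha Exp $
 *
 * Since the server static private key ($DataDir/server.key)
 * will normally be stored unencrypted so that the database
@@ -93,13 +93,14 @@ static void close_SSL(Port *);
 static const char *SSLerrmessage(void);
 #endif
 
-#ifdef USE_SSL
 /*
 * How much data can be sent across a secure connection
 * (total in both directions) before we require renegotiation.
+* Set to 0 to disable renegotiation completely.
 */
-#define RENEGOTIATION_LIMIT (512 * 1024 * 1024)
+int ssl_renegotiation_limit;
 
+#ifdef USE_SSL
 static SSL_CTX *SSL_context = NULL;
 static bool ssl_loaded_verify_locations = false;
 
@@ -320,7 +321,7 @@ secure_write(Port *port, void *ptr, size_t len)
 {
 int err;
 
-if (port->count > RENEGOTIATION_LIMIT)
+if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
 {
 SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
 sizeof(SSL_context));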
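Review bot: The comment above `int ssl_renegotiation_limit;` never states the unit, yet the new test in secure_write() multiplies the value by `1024L`, so the variable is in kilobytes while the macro it replaces was in bytes. I would extend the comment with ` * Measured in kilobytes (the GUC uses GUC_UNIT_KB); 0 disables renegotiation completely.` The product is computed in `long`, so it stays in range only if the GUC's upper bound (`MAX_KILOBYTES` in guc.c, whose definition is not visible here) accounts for the width of `long`; a one-line comment at the comparison saying that bound is relied on would protect against a later change to the limit. secure_write()'s body continues outside the hunk.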

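--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
 * Written by Peter Eisentraut <peter_e@gmx.net>.
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.541 2010/02/17 04:19:40 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.542 2010/02/25 13:26:15 mha Exp $
 *
 *--------------------------------------------------------------------
 */
@@ -117,6 +117,7 @@ extern char *temp_tablespaces;
 extern bool synchronize_seqscans;
 extern bool fullPageWrites;
 extern int vacuum_defer_cleanup_age;
+extern int ssl_renegotiation_limit;
 
 int trace_recovery_messages = LOG;
 
@@ -1968,6 +1969,16 @@ static struct config_int ConfigureNamesInt[] =
 0, 0, INT_MAX, assign_tcp_keepalives_interval, show_tcp_keepalives_interval
 },
 
+{
+{"ssl_renegotiation_limit", PGC_USERSET, CONN_AUTH_SECURITY,
+gettext_noop("Set the amount of traffic to send and receive before renegotiating the encryption keys."),
+NULL,
+GUC_UNIT_KB,
+},
+&ssl_renegotiation_limit,
+512 * 1024, 0, MAX_KILOBYTES, NULL, NULL
+},
+
 {
 {"tcp_keepalives_count", PGC_USERSET, CLIENT_CONN_OTHER,
 gettext_noop("Maximum number of TCP keepalive retransmits."),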
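Review bot: The new ConfigureNamesInt entry registers `ssl_renegotiation_limit` as `PGC_USERSET`, so any connected role can change it for its own session, including to 0, and the value in postgresql.conf acts only as a default rather than an enforced rekeying policy. If the operator is meant to control this, a more restrictive context such as `PGC_SIGHUP` would fit; if per-session control is deliberate (for clients that cannot renegotiate), the config.sgml entry should say so explicitly. Separately, `extern int ssl_renegotiation_limit;` is declared locally in guc.c; placing the declaration in a header that be-secure.c also includes would let the compiler check it against the definition. The array definition starts and ends outside the hunk.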

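--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -80,6 +80,7 @@
 #ssl = off # (change requires restart)
 #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
 # (change requires restart)
+#ssl_renegotiation_limit = 512MB # amount of data between renegotiations
 #password_encryption = on
 #db_user_namespace = off
 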