Audit default postgresql TLS cipher list
In we added support for replicating postgresql using TLS. Omnibus defaults to the postgresql defaults for the list of SSL ciphers. We should ensure that the defaults are sane. If they aren't, we should update omnibus to override the postgresql defaults with sane values.
- Nick Thomas made the issue confidential
- Nick Thomas added security label
- Author Contributor
https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html states
The default value is HIGH:MEDIUM:+3DES:!aNULL.
Resulting in these ciphers:
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
PSK-CAMELLIA256-SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
PSK-CAMELLIA128-SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
I think it's possible that an MitM attacker could execute a protocol downgrade attack with these settings.
If so, we need to ensure that we only support TLSv1.1 and TLSv1.2, by setting a default value for
postgresql['ssl_ciphers']
- Author Contributor
PostgreSQL doesn't have a dial to disable specific protocols, and it seems it enables TLSv1, TLSv1.1 and TLSv1.2 (not SSLv3 and not SSLv2 from my initial investigation. Will confirm soon).
What we can do is disable all the ciphers that work in TLSv1 and SSLv3:
lupine@gitlab-t470p:~$ openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL:!TLSv1:!SSLv3'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
This is nasty, but should have the desired effect - protocol downgrades will fail as the client will be unable to agree a cipher with the server.
Edited by Nick Thomas
- Author Contributor
Yes. Postgresql 9.6 will reject SSLv3 but accept TLSv1 connections. There is no ssl_protocols (or equivalent) command to prevent this from happening, so all we can do is disable ssl_ciphers that are usable by tls1.0.
- Author Contributor
A before and after on my local machine. Although the list of ciphers available may be different in omnibus, since we compile against our own openssl, which is in v1.0.2 whereas I'm v1.1.0. If the list ends up empty, we can't use this. I'll check.
lupine@gitlab-t470p:~/src/sslyze$ python sslyze --starttls=postgres --hide_rejected_ciphers localhost:5432 --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2

SCAN RESULTS FOR LOCALHOST:5432 - ::1
-------------------------------------

* SSLV2 Cipher Suites:
    Server rejected all cipher suites.

* SSLV3 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits
      TLS_RSA_WITH_SEED_CBC_SHA - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits

* TLSV1_1 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_SEED_CBC_SHA - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits

* TLSV1_2 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - 256 bits
      TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits
      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits
      TLS_RSA_WITH_SEED_CBC_SHA - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - 128 bits

SCAN COMPLETED IN 0.31 S
------------------------

lupine@gitlab-t470p:~/src/sslyze$ python sslyze --starttls=postgres --hide_rejected_ciphers localhost:5432 --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2

SCAN RESULTS FOR LOCALHOST:5432 - ::1
-------------------------------------

* SSLV2 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1 Cipher Suites:
    Server rejected all cipher suites.

* SSLV3 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1_1 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1_2 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits
      TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits
      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DH-1024 bits 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits
      TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits

SCAN COMPLETED IN 0.30 S
------------------------

lupine@gitlab-t470p:~/src/sslyze$
- Author Contributor
OK. Current behaviour in omnibus:
* SSLV2 Cipher Suites:
    Server rejected all cipher suites.

* SSLV3 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_SEED_CBC_SHA - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits
      TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDH-256 bits 128 bits
      TLS_RSA_WITH_RC4_128_SHA - 128 bits
      TLS_RSA_WITH_RC4_128_MD5 - 128 bits
      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits
      TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits

* TLSV1_1 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits
      TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDH-256 bits 128 bits
      TLS_RSA_WITH_SEED_CBC_SHA - 128 bits
      TLS_RSA_WITH_RC4_128_SHA - 128 bits
      TLS_RSA_WITH_RC4_128_MD5 - 128 bits
      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits
      TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits

* TLSV1_2 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits
      TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits
      TLS_RSA_WITH_SEED_CBC_SHA - 128 bits
      TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDH-256 bits 128 bits
      TLS_RSA_WITH_RC4_128_SHA - 128 bits
      TLS_RSA_WITH_RC4_128_MD5 - 128 bits
      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits
      TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits
And with the more-restrictive configuration applied:
* SSLV2 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1_1 Cipher Suites:
    Server rejected all cipher suites.

* SSLV3 Cipher Suites:
    Server rejected all cipher suites.

* TLSV1_2 Cipher Suites:
    Preferred:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
    Accepted:
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits
      TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits
      TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits
      TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits
      TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits
This is fine. The secondary's libpq can still connect to the primary using these ciphers, and it will autonegotiate TLSv1.2 as it does so.
Since this code hasn't been shipped in a release yet, I'm going to unmark this as confidential and create the MR in the open. It was always marginal anyway.
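The before/after scans in this thread can be predicted from `openssl ciphers -v` output alone, because the protocol column there is the minimum version a suite works with. The following is an added example, not code from the issue or from omnibus-gitlab; the five-row sample is constructed and the function names are hypothetical.

```python
"""Audit `openssl ciphers -v` rows for protocol-downgrade paths (added example)."""
import re

# OpenSSL's protocol labels, oldest first. The column printed by
# `openssl ciphers -v` is the MINIMUM version a suite works with, so an
# "SSLv3" suite is still negotiable in TLSv1, TLSv1.1 and TLSv1.2 handshakes.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Protocol versions the thread reports PostgreSQL 9.6 accepting (SSLv3 refused).
PG96_PROTOCOLS = ("TLSv1", "TLSv1.1", "TLSv1.2")

# Constructed sample: five rows in the format shown in the thread.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
"""

ROW = re.compile(
    r"(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)


def rank(protocol):
    """Position of a protocol label in PROTOCOL_ORDER (higher is newer)."""
    return PROTOCOL_ORDER.index(protocol)


def parse_ciphers(text):
    """Parse `openssl ciphers -v` text into dicts; reject rows that do not fit."""
    suites = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = ROW.fullmatch(line)
        if match is None or match["proto"] not in PROTOCOL_ORDER:
            raise ValueError(f"line {lineno}: unexpected row {line!r}")
        suites.append(match.groupdict())
    return suites


def negotiable(suites, server_protocols=PG96_PROTOCOLS):
    """For each protocol the server accepts, the suites a handshake could pick."""
    return {
        proto: [s["name"] for s in suites if rank(s["proto"]) <= rank(proto)]
        for proto in server_protocols
    }


def downgrade_paths(suites, floor="TLSv1.2", server_protocols=PG96_PROTOCOLS):
    """Protocols older than `floor` that still have at least one usable suite."""
    table = negotiable(suites, server_protocols)
    return [p for p in server_protocols if rank(p) < rank(floor) and table[p]]


def exclude_legacy(suites, floor="TLSv1.2"):
    """Model the effect of appending ':!TLSv1:!SSLv3' to the cipher string."""
    kept = [s for s in suites if rank(s["proto"]) >= rank(floor)]
    if not kept:
        # The case raised in the thread: an empty list makes the setting unusable.
        raise ValueError("hardened cipher list is empty: no client could connect")
    return kept


if __name__ == "__main__":
    before = parse_ciphers(SAMPLE)
    after = exclude_legacy(before)
    print("before:", downgrade_paths(before))
    print("after: ", downgrade_paths(after), [s["name"] for s in after])
```

To audit a real build, pass the text printed by `openssl ciphers -v '<cipher string>'` from that build's own OpenSSL to `parse_ciphers`, since the expansion differs between OpenSSL versions.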
- Nick Thomas made the issue visible to everyone
- Nick Thomas mentioned in merge request !2072 (merged)
- Nick Thomas added workflow::in dev label
- Nick Thomas added workflow::in review and removed workflow::in dev labels
- Contributor
Since we don't need to worry about old clients connecting let's just go ahead and make this as tight as possible.
- Marin Jankovski closed via merge request !2072 (merged)
- Marin Jankovski mentioned in commit c4da4336
- Marin Jankovski mentioned in commit 0a63831f
- Marin Jankovski mentioned in commit e5857f30
- 🤖 GitLab Bot 🤖 added devops::systems group::geo labels
- Rachel Nienaber removed 1 deleted label
- Rachel Nienaber removed 1 deleted label
- Suzanne Selhorn mentioned in merge request gitlab-docs!3607 (closed)