Audit default postgresql TLS cipher list
In we added support for replicating postgresql using TLS. Omnibus defaults to the postgresql defaults for the list of SSL ciphers. We should ensure that the defaults are sane. If they aren't, we should update omnibus to override the postgresql defaults with sane values.
Activity
added security label
https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html states
The default value is HIGH:MEDIUM:+3DES:!aNULL.
Resulting in these ciphers:
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384 ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1 SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1 SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1 RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384 RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1 DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1 ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384 RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384 DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384 PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 PSK-CAMELLIA256-SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384 ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256 ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1 SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1 SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1 RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256 DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256 RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1 DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1 ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256 RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256 PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 PSK-CAMELLIA128-SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256 DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1I think it's possible that an MitM attacker could execute a protocol downgrade attack with these settings.
If so, we need to ensure that we only support TLSv1.1 and TLSv1.2, by setting a default value for
postgresql['ssl_ciphers']-
PostgreSQL doesn't have a dial to disable specific protocols, and it seems it enables TLSv1, TLSv1.1 and TLSv1.2 (not SSLv3 and not SSLv2 from my initial investigation. Will confirm soon).
What we can do is disable all the ciphers that work in TLSv1 and SSLv3:
lupine@gitlab-t470p:~$ openssl ciphers -v 'HIGH:MEDIUM:+3DES:!aNULL:!TLSv1:!SSLv3' ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256 RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256This is nasty, but should have the desired effect - protocol downgrades will fail as the client will be unable to agree a cipher with the server.
Edited by Nick Thomas -
A before and after on my local machine. Although the list of ciphers available be be different in omnibus, since we compile against our own openssl, which is in v1.0.2 whereas I'm v1.1.0. If the list ends up empty, we can't use this. I'll check.
lupine@gitlab-t470p:~/src/sslyze$ python sslyze --starttls=postgres --hide_rejected_ciphers localhost:5432 --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 SCAN RESULTS FOR LOCALHOST:5432 - ::1 ------------------------------------- * SSLV2 Cipher Suites: Server rejected all cipher suites. * SSLV3 Cipher Suites: Server rejected all cipher suites. * TLSV1 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits TLS_RSA_WITH_SEED_CBC_SHA - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits * TLSV1_1 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits TLS_RSA_WITH_SEED_CBC_SHA - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits * TLSV1_2 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DH-1024 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - 256 bits TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DH-1024 bits 128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits TLS_RSA_WITH_SEED_CBC_SHA - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - 128 bits SCAN COMPLETED IN 0.31 S ------------------------ lupine@gitlab-t470p:~/src/sslyze$ python sslyze --starttls=postgres --hide_rejected_ciphers localhost:5432 --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 SCAN RESULTS FOR LOCALHOST:5432 - ::1 ------------------------------------- * SSLV2 Cipher Suites: Server rejected all cipher suites. * TLSV1 Cipher Suites: Server rejected all cipher suites. * SSLV3 Cipher Suites: Server rejected all cipher suites. * TLSV1_1 Cipher Suites: Server rejected all cipher suites. * TLSV1_2 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - 256 bits TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DH-1024 bits 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits SCAN COMPLETED IN 0.30 S ------------------------ lupine@gitlab-t470p:~/src/sslyze$ -
OK. Current behaviour in omnibus:
* SSLV2 Cipher Suites: Server rejected all cipher suites. * SSLV3 Cipher Suites: Server rejected all cipher suites. * TLSV1 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits TLS_RSA_WITH_SEED_CBC_SHA - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDH-256 bits 128 bits TLS_RSA_WITH_RC4_128_SHA - 128 bits TLS_RSA_WITH_RC4_128_MD5 - 128 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits * TLSV1_1 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDH-256 bits 128 bits TLS_RSA_WITH_SEED_CBC_SHA - 128 bits TLS_RSA_WITH_RC4_128_SHA - 128 bits TLS_RSA_WITH_RC4_128_MD5 - 128 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits * TLSV1_2 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-1024 bits 256 bits TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits TLS_RSA_WITH_AES_256_CBC_SHA - 256 bits TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - 256 bits TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH-256 bits 128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_SEED_CBC_SHA DH-1024 bits 128 bits TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DH-1024 bits 128 bits TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - 128 bits TLS_RSA_WITH_SEED_CBC_SHA - 128 bits TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDH-256 bits 128 bits TLS_RSA_WITH_RC4_128_SHA - 128 bits TLS_RSA_WITH_RC4_128_MD5 - 128 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bitsAnd with the more-restrictive configuration applied:
* SSLV2 Cipher Suites: Server rejected all cipher suites. * TLSV1 Cipher Suites: Server rejected all cipher suites. * TLSV1_1 Cipher Suites: Server rejected all cipher suites. * SSLV3 Cipher Suites: Server rejected all cipher suites. * TLSV1_2 Cipher Suites: Preferred: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits Accepted: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-1024 bits 256 bits TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-1024 bits 256 bits TLS_RSA_WITH_AES_256_CBC_SHA256 - 256 bits TLS_RSA_WITH_AES_256_GCM_SHA384 - 256 bits TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH-256 bits 128 bits TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-1024 bits 128 bits TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DH-1024 bits 128 bits TLS_RSA_WITH_AES_128_GCM_SHA256 - 128 bits TLS_RSA_WITH_AES_128_CBC_SHA256 - 128 bitsThis is fine. The secondary's libpq can still connect to the primary using these ciphers, and it will autonegotiate TLSv1.2 as it does so.
Since this code hasn't been shipped in a release yet, I'm going to unmark this as confidential and create the MR in the open. It was always marginal anyway.
mentioned in merge request !2072 (merged)
added workflowin dev label
added workflowin review and removed workflowin dev labels
closed via merge request !2072 (merged)
mentioned in commit c4da4336
mentioned in commit 0a63831f
mentioned in commit e5857f30
added devopssystems groupgeo labels
mentioned in merge request gitlab-docs!3607 (closed)
Please register or sign in to reply